I am making a chrome extension which has an iframe in it. When the extension requests to the server in order to get the page, it returns an error Refused to display '/' in a frame because it set 'X-Frame-Options' to 'deny'. Although I have set the x-frame-options to deny in my .htaccess file and added a header('x-frame-options: GOFORIT') in my specific method in my back-end project, it returned another error Refused to display '/' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'. I added webRequest and webRequestBlocking to permissions in my manifest.json file. No luck and it returned 'webRequestBlocking' requires manifest version of 2 or lower and Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest. So I removed webRequestBlocking from the permissions and added declarativeNetRequest as it is for v3. No result!! Then I added
chrome.webRequest.onHeadersReceived.addListener(
function(info) {
var headers = info.responseHeaders;
for (var i=headers.length-1; i>=0; --i) {
var header = headers[i].name.toLowerCase();
if (header == 'x-frame-options' || header == 'frame-options') {
headers.splice(i, 1); // Remove header
}
}
return {responseHeaders: headers};
}, {
urls: [
'*://*/*', // Pattern to match all http(s) pages
// '*://*.example/*', // Pattern to match one http(s) site
],
types: [ 'sub_frame' ]
}, [
'blocking',
'responseHeaders',
// Modern Chrome needs 'extraHeaders' to see and change this header,
// so the following code evaluates to 'extraHeaders' only in modern Chrome.
chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
].filter(Boolean)
);
to my script.js, it returned Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')
What should I do to allow ONLY the extension to request to the server?
I am making a chrome extension which has an iframe in it. When the extension requests to the server in order to get the page, it returns an error Refused to display 'https://subdomain.example./' in a frame because it set 'X-Frame-Options' to 'deny'. Although I have set the x-frame-options to deny in my .htaccess file and added a header('x-frame-options: GOFORIT') in my specific method in my back-end project, it returned another error Refused to display 'https://subdomain.example./' in a frame because it set multiple 'X-Frame-Options' headers with conflicting values ('GOFORIT, DENY'). Falling back to 'deny'. I added webRequest and webRequestBlocking to permissions in my manifest.json file. No luck and it returned 'webRequestBlocking' requires manifest version of 2 or lower and Unchecked runtime.lastError: You do not have permission to use blocking webRequest listeners. Be sure to declare the webRequestBlocking permission in your manifest. So I removed webRequestBlocking from the permissions and added declarativeNetRequest as it is for v3. No result!! Then I added
chrome.webRequest.onHeadersReceived.addListener(
function(info) {
var headers = info.responseHeaders;
for (var i=headers.length-1; i>=0; --i) {
var header = headers[i].name.toLowerCase();
if (header == 'x-frame-options' || header == 'frame-options') {
headers.splice(i, 1); // Remove header
}
}
return {responseHeaders: headers};
}, {
urls: [
'*://*/*', // Pattern to match all http(s) pages
// '*://*.example/*', // Pattern to match one http(s) site
],
types: [ 'sub_frame' ]
}, [
'blocking',
'responseHeaders',
// Modern Chrome needs 'extraHeaders' to see and change this header,
// so the following code evaluates to 'extraHeaders' only in modern Chrome.
chrome.webRequest.OnHeadersReceivedOptions.EXTRA_HEADERS,
].filter(Boolean)
);
to my script.js, it returned Uncaught TypeError: Cannot read properties of undefined (reading 'onHeadersReceived')
What should I do to allow ONLY the extension to request to the server?
Share Improve this question asked Sep 14, 2021 at 11:39 kodfirekodfire 1,7833 gold badges26 silver badges65 bronze badges1 Answer
Reset to default 6As the error message says, one solution is to use "manifest_version": 2 and "webRequestBlocking" in "permissions".
Another solution is declarativeNetRequest, which is a new API with pletely different syntax so you'll have to rewrite your code entirely, here's an example: link.