Created
October 12, 2016 11:44
-
-
Save jangnezda/50855df0afb3abe6dc7b315cd77bdebe to your computer and use it in GitHub Desktop.
How to load an external URL in <iframe> using Electron
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* By default, Electron (well, underlying Chrome browser) will reject loading external URLs | |
* to an <iframe>. To circumvent this limitation, we can manipulate response headers from any | |
* http request and feed them to the Electron window. | |
* | |
* The 'onHeadersReceived' listener is documented here: | |
* http://electron.atom.io/docs/api/session/#webrequestonheadersreceivedfilter-listener | |
*/ | |
app.on('ready', () => { | |
let myWindow = new BrowserWindow({ | |
width: 800, | |
height: 800, | |
center: true | |
}); | |
// remove 'x-frame-options' header to allow embedding external pages into an 'iframe' | |
myWindow.webContents.session.webRequest.onHeadersReceived({}, (details, callback) => { | |
if(details.responseHeaders['x-frame-options']) { | |
delete details.responseHeaders['x-frame-options']; | |
} | |
callback({ cancel: false, responseHeaders: details.responseHeaders }); | |
}); | |
// replace with whatever html you want to load in your electron window | |
myWindow.loadURL(`file://${__dirname}/index.html`); | |
}); |
As I can see, it's now requires urls option to be set, like this:
mainWindow.webContents.session.webRequest.onHeadersReceived(
{urls: ['*://*/*']},
(details, callback) => {
if (details.responseHeaders['x-frame-options']) {
delete details.responseHeaders['x-frame-options']
}
callback({
cancel: false,
responseHeaders: details.responseHeaders,
})
},
)
@rewhex solution works, but some servers use capitalized header names. Here is a version that supports that too:
mainWindow.webContents.session.webRequest.onHeadersReceived(
{urls: ['*://*/*']},
(details, callback) => {
Object.keys(details.responseHeaders).filter(x => x.toLowerCase() === 'x-frame-options')
.map(x => delete details.responseHeaders[x])
callback({
cancel: false,
responseHeaders: details.responseHeaders,
})
},
)
From my experience, I also need to remove content-security-policy
header.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Genius!