docs: Add document on overriding X-Frame-Options.
This commit is contained in:
parent
73262be2c2
commit
253789353f
3 changed files with 24 additions and 2 deletions
|
@ -18,6 +18,9 @@ win.show();
|
|||
You can also create a window without chrome by using
|
||||
[Frameless Window](frameless-window.md) API.
|
||||
|
||||
Security strategy of web pages showed by `BrowserWindow` is a bit different from
|
||||
normal browsers, see [Web Security](web-security.md) for more.
|
||||
|
||||
## Class: BrowserWindow
|
||||
|
||||
`BrowserWindow` is an
|
||||
|
|
21
docs/api/web-security.md
Normal file
21
docs/api/web-security.md
Normal file
|
@ -0,0 +1,21 @@
|
|||
# Web Security
|
||||
|
||||
Because atom-shell has added node integration to normal web pages, there are
|
||||
some security adjustments that made atom-shell both more safe and more
|
||||
convenient.
|
||||
|
||||
## Overriding `X-Frame-Options` header
|
||||
|
||||
May websites (including Google and Youtube) use the
|
||||
[X-Frame-Options](x-frame-options) header to disable access to their websites
|
||||
in `iframe`s. In atom-shell you can add a `disable-x-frame-options` string in
|
||||
the `iframe`'s name to disable this:
|
||||
|
||||
```html
|
||||
<!-- Refused to display -->
|
||||
<iframe name="google" src="https://google.com"></iframe>
|
||||
<!-- Loads as expected -->
|
||||
<iframe name="google-disable-x-frame-options" src="https://google.com"></iframe>
|
||||
```
|
||||
|
||||
[x-frame-options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)
|
Loading…
Add table
Add a link
Reference in a new issue