docs: Add document on overriding X-Frame-Options.

Cheng Zhao 2014-08-11 15:25:26 +08:00
parent 73262be2c2
commit 253789353f
3 changed files with 24 additions and 2 deletions


@ -18,6 +18,9 @@ win.show();
You can also create a window without chrome by using
[Frameless Window](frameless-window.md) API.
Security strategy of web pages showed by `BrowserWindow` is a bit different from
normal browsers, see [Web Security](web-security.md) for more.
## Class: BrowserWindow
`BrowserWindow` is an
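
Review bot: the added sentence "Security strategy of web pages showed by `BrowserWindow` is a bit different from normal browsers" does not say in which direction the policy differs. The page it links to describes switching off a browser protection, so state that here, for example "Pages shown by `BrowserWindow` run under a relaxed security policy compared with normal browsers, see [Web Security](web-security.md)". Also "showed" should be "shown".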

docs/api/web-security.md Normal file

@ -0,0 +1,21 @@
# Web Security
Because atom-shell has added node integration to normal web pages, there are
some security adjustments that made atom-shell both more safe and more
convenient.
## Overriding `X-Frame-Options` header
May websites (including Google and Youtube) use the
[X-Frame-Options](x-frame-options) header to disable access to their websites
in `iframe`s. In atom-shell you can add a `disable-x-frame-options` string in
the `iframe`'s name to disable this:
```html
<!-- Refused to display -->
<iframe name="google" src="https://google.com"></iframe>
<!-- Loads as expected -->
<iframe name="google-disable-x-frame-options" src="https://google.com"></iframe>
```
[x-frame-options](https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options)
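
Review bot: the "Overriding `X-Frame-Options` header" section documents the opt-out without saying what it gives up. The header is the embedded site's defence against being framed (clickjacking), and as described any `iframe` whose name contains `disable-x-frame-options` ignores it, as the `google-disable-x-frame-options` example shows. Please add a sentence saying so, and that the name should be set only on frames the application author writes, never built from untrusted content. Smaller points: "May websites" should be "Many websites"; "more safe" should be "safer"; and `[X-Frame-Options](x-frame-options)` is an inline link to a relative path while the last line is a second inline link rather than a reference definition, so use `[X-Frame-Options][x-frame-options]` in the text and turn the last line into a `[x-frame-options]:` definition followed by the MDN URL.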