From 73262be2c2b85a69d58b6d67c78fa1556d446eed Mon Sep 17 00:00:00 2001 From: Cheng Zhao Date: Mon, 11 Aug 2014 15:03:57 +0800 Subject: [PATCH] Filter out x-frame-options header on user's request. --- .../atom_resource_dispatcher_host_delegate.cc | 21 +++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/atom/browser/atom_resource_dispatcher_host_delegate.cc b/atom/browser/atom_resource_dispatcher_host_delegate.cc index 49038e617671..cc656b6c01a2 100644 --- a/atom/browser/atom_resource_dispatcher_host_delegate.cc +++ b/atom/browser/atom_resource_dispatcher_host_delegate.cc @@ -5,11 +5,19 @@ #include "atom/browser/atom_resource_dispatcher_host_delegate.h" #include "base/logging.h" +#include "content/public/browser/render_frame_host.h" +#include "content/public/browser/resource_request_info.h" #include "net/http/http_response_headers.h" #include "net/url_request/url_request.h" namespace atom { +namespace { + +const char* kDisableXFrameOptions = "disable-x-frame-options"; + +} // namespace + AtomResourceDispatcherHostDelegate::AtomResourceDispatcherHostDelegate() { } @@ -21,11 +29,20 @@ void AtomResourceDispatcherHostDelegate::OnResponseStarted( content::ResourceContext* resource_context, content::ResourceResponse* response, IPC::Sender* sender) { - /* + // Check if frame's name contains "disable-x-frame-options" + int p, f; + if (!content::ResourceRequestInfo::GetRenderFrameForRequest(request, &p, &f)) + return; + content::RenderFrameHost* frame = content::RenderFrameHost::FromID(p, f); + if (!frame) + return; + if (frame->GetFrameName().find(kDisableXFrameOptions) == std::string::npos) + return; + + // Remove the "X-Frame-Options" from response headers. net::HttpResponseHeaders* response_headers = request->response_headers(); if (response_headers && response_headers->HasHeader("x-frame-options")) response_headers->RemoveHeader("x-frame-options"); - */ } } // namespace atom