Filter out x-frame-options header on user's request.

atom/browser/atom_resource_dispatcher_host_delegate.cc

@@ -5,11 +5,19 @@
 #include "atom/browser/atom_resource_dispatcher_host_delegate.h"
 
 #include "base/logging.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/resource_request_info.h"
 #include "net/http/http_response_headers.h"
 #include "net/url_request/url_request.h"
 
 namespace atom {
 
+namespace {
+
+const char* kDisableXFrameOptions = "disable-x-frame-options";
+
+}  // namespace
+
 AtomResourceDispatcherHostDelegate::AtomResourceDispatcherHostDelegate() {
 }
 
@@ -21,11 +29,20 @@ void AtomResourceDispatcherHostDelegate::OnResponseStarted(
     content::ResourceContext* resource_context,
     content::ResourceResponse* response,
     IPC::Sender* sender) {
-  /*
+  // Check if frame's name contains "disable-x-frame-options"
+  int p, f;
+  if (!content::ResourceRequestInfo::GetRenderFrameForRequest(request, &p, &f))
+    return;
+  content::RenderFrameHost* frame = content::RenderFrameHost::FromID(p, f);
+  if (!frame)
+    return;
+  if (frame->GetFrameName().find(kDisableXFrameOptions) == std::string::npos)
+    return;
+
+  // Remove the "X-Frame-Options" from response headers.
   net::HttpResponseHeaders* response_headers = request->response_headers();
   if (response_headers && response_headers->HasHeader("x-frame-options"))
     response_headers->RemoveHeader("x-frame-options");
-  */
 }
 
 }  // namespace atom