mirror of
https://github.com/MichMich/MagicMirror.git
synced 2025-08-28 09:01:44 +00:00
Add option to remove "x-frame-options" and "content-security-policy" response headers (#2963)
Many users like me do have the problem that they want to embed other sites to their mirror by "iframe". As some developers set the "x-frame-options" and "content-security-policy" for security reasons these sites can not be embedded. Electron provides the "webview" element additionally to "iframe" which allows to embed these sites although. The main difference is that a new process is started which handles the "webview" element. BUT: As the "webview" process needs to be started and is isolated "webview" is slower and the elements can not be accessed from the embedding website. As an alternative i implemented a small callback function in electron.js which removes the response headers that forbid the embedding. The removing can be controlled with the new config options: * ignoreXOriginHeader * ignoreContentSecurityPolicy
This commit is contained in:
Thomas Hirschberger
committed by
GitHub
GitHub
parent
0b01e9dbe0
commit
b9b7d2c95d
@@ -19,6 +19,7 @@ Special thanks to: @rejas, @sdetweil, @MagMar94
|
||||
- Added css class names "today" and "tomorrow" for default calendar
|
||||
- Added Collaboration.md
|
||||
- Added new github action for dependency review (#2862)
|
||||
- Added config options "ignoreXOriginHeader" and "ignoreContentSecurityPolicy"
|
||||
|
||||
### Removed
|
||||
|
||||
|
||||
Reference in New Issue
Block a user