1

Is there any way to whitelist webpages for ignoring the XFrame-options header of their iframes sources?

My particular usecase would be comic-rocket.com, which serves as a manager for webcomics. It works by scanning webcomics for the sequence of pages, and then providing a navigation interface, that remembers the last page read, where the webcomic page is displayed inside an iframe.

Sadly, that same method can be abused for click-jacking, and thus in recent browsers for a lot of webpages I get a blank iframe only and the message

Refused to display (URL-of-comic) in a frame 
because it set 'X-Frame-Options' to 'sameorigin'.

I'd like to disable this security feature selectively only for iframes on webpages I trust. A [solution for Firefox] seems to exist, but is there anything similar for Chrome?

Improve this question

1 Answer 1

Reset to default
1

There is command line switches, but looks like there is regression where it no longer works.

Please comment on the chrome bug list so the DEV hear our collective cries!

https://bugs.chromium.org/p/chromium/issues/detail?id=857032

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .