From 0df54a5b9e65f7dd13f71130367a94862ee7400a Mon Sep 17 00:00:00 2001
From: Tom-Hirschberger
Date: Wed, 2 Nov 2022 09:55:50 +0100
Subject: [PATCH 1/2] remove "x-frame-options" and "content-security-policy" header of responses if configured; these headers prevent sites of being embedded into iframes; with the headers being removed the sites can be embedded;
---
 js/electron.js | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/js/electron.js b/js/electron.js
index ffa48e6a74..ac58657c30 100644
--- a/js/electron.js
+++ b/js/electron.js
@@ -103,6 +103,20 @@ function createWindow() {
 }, 1000);
 });
 }
+
+ //remove response headers that prevent sites of being embedded into iframes if configured
+ mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
+ let curHeaders = details.responseHeaders;
+ if (config["ignoreXOriginHeader"] || false) {
+ curHeaders = Object.fromEntries(Object.entries(curHeaders).filter((header) => !/x-frame-options/i.test(header[0])));
+ }
+
+ if (config["ignoreContentSecurityPolicy"] || false) {
+ curHeaders = Object.fromEntries(Object.entries(curHeaders).filter((header) => !/content-security-policy/i.test(header[0])));
+ }
+
+ callback({ responseHeaders: curHeaders });
+ });
 }
 
 // This method will be called when Electron has finished
From 8433ed1fd0d25c1fe59633aa430c003a7fdbb87e Mon Sep 17 00:00:00 2001
From: Tom-Hirschberger
Date: Wed, 2 Nov 2022 09:59:49 +0100
Subject: [PATCH 2/2] add new config options to CHANGELOG
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 516e499a12..1effbc2eda 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,7 @@ Special thanks to: @rejas, @sdetweil, @MagMar94
 - Added css class names "today" and "tomorrow" for default calendar
 - Added Collaboration.md
 - Added new github action for dependency review (#2862)
+- Added config options "ignoreXOriginHeader" and "ignoreContentSecurityPolicy"
 
 ### Removed
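Review bot: In the js/electron.js hunk the `onHeadersReceived` handler filters every response in the window's session, so with `ignoreContentSecurityPolicy` set the top-level page and any other document loaded in that session lose their CSP, script-source restrictions included. Only the framed document's own headers need relaxing for embedding. The filter should apply only when `details.resourceType === "subFrame"`, and the listener should be registered only when one of the two options is set. The unanchored `/content-security-policy/i` also drops `Content-Security-Policy-Report-Only`, which never blocks framing, so an exact comparison on the lower-cased header name is safer. The config documentation for both options should state that they switch off clickjacking and content-injection protections that embedded sites rely on; `createWindow()` begins outside the hunk, so other session handlers are not visible here.

```javascript
if (config.ignoreXOriginHeader || config.ignoreContentSecurityPolicy) {
	const strippedHeaders = new Set();
	if (config.ignoreXOriginHeader) strippedHeaders.add("x-frame-options");
	if (config.ignoreContentSecurityPolicy) strippedHeaders.add("content-security-policy");

	mainWindow.webContents.session.webRequest.onHeadersReceived((details, callback) => {
		// Only framed documents need these headers relaxed; every other response passes through untouched.
		if (details.resourceType !== "subFrame") {
			callback({ responseHeaders: details.responseHeaders });
			return;
		}
		const curHeaders = Object.fromEntries(Object.entries(details.responseHeaders).filter(([name]) => !strippedHeaders.has(name.toLowerCase())));
		callback({ responseHeaders: curHeaders });
	});
}
```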