Web Component extending IFrame to bypass X-Frame-Options: deny/sameorigin
X-Frame-Bypass
X-Frame-Bypass is a Web Component, specifically a Customized Built-in Element, which extends an IFrame to bypass the X-Frame-Options: deny/sameorigin
response header. Normally such headers prevent embedding a web page in an <iframe>
element, but X-Frame-Bypass is using a CORS proxy to allow this.
Usage
-
(Optional) Include the Custom Elements with Built-in Extends polyfill for Safari:
<script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>
-
Include the X-Frame-Bypass JS module:
<script type="module" src="https://unpkg.com/x-frame-bypass"></script>
-
Insert the X-Frame-Bypass Custom Element:
<iframe is="x-frame-bypass" src="https://example.org/"></iframe>
Demo
See the Hacker News using X-Frame-Bypass. Supported are current versions of Chrome and Firefox browsers. Edge and Safari do not support Customized Built-in Elements yet.
License
© 2019 Jerzy Głowacki under Apache License 2.0.
Install
Framework Support
Browser Independent
Install with
Run the above npm command in your project folder.
If you have any issues installing, please
contact the author.
Release notes - Version 1.0.2