Logo
My Account |  Site Map | Contact Us  
Welcome Guest Search | Active Topics | Sign In | Register

EO.WebBrowser Options
ashnet
Posted: Sunday, January 8, 2017 11:21:15 AM
Rank: Newbie
Groups: Member

Joined: 1/8/2017
Posts: 2
Hello,

is there a possibility to ignore the incoming X-Frame-Options header?
I have tried setting the EnableWebSecurity and EnableXSSAuditor to false but its not working.

Possible solutions would be a possibility to edit response headers, a setting in BrowserSettings or an attribute for the iframe element like the nwfaketop in nwjs.io.

Thanks in advance or best regards, Alex
eo_support
Posted: Monday, January 9, 2017 9:25:28 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 19,598
Hi,

There is no direct way for you to disable this header. It's technical possible for you to use a custom resource handler to intercept all requests and then process the request yourself, and remove this header in the process. However I am not sure if this is worth it since it will basically put a "proxy" between the browser engine and the actual web server thus practically disabling many internal optimization the browser engine already has (such as caching). If you are interested, see here for more information about custom resource handling:

https://www.essentialobjects.com/doc/webbrowser/advanced/resource_handler.aspx

Thanks!
ashnet
Posted: Monday, January 9, 2017 5:04:40 PM
Rank: Newbie
Groups: Member

Joined: 1/8/2017
Posts: 2
Hello,

thank you very much for your fast reply.
Thank you also for the idea to use a custom resource handler. I have tested it but this doesnt fit my needs.

Would it be possible to add the feature to edit headers or remove the X-Frame-Options header in an future version of EO.WebBrowser.
A custom solution would work for me as well. I am willing to help to test / implement the feature if needed.

Unfortunately our buy Decision of this component depends on this feature.
And as a developer i would love to work with this component since it seems to be so much better in multiple ways than the other products.

Is there any chance to get this feature in? :)

Thanks in advance an best regards, Alex
eo_support
Posted: Monday, January 9, 2017 5:20:27 PM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 19,598
Hi,

Unfortunately we do not have any plans in the near future to allow user custom response headers (we allow user to custom request headers). The reason is because response headers are closely integrated at the core level with many aspect of the browser engine. It will not be practical for us to allow user to plug in custom code at that level. Custom resource handler is the closest you can get for this case.

Thanks!


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.