Embed Google Iframe

Guillaume Odier

Feb 23, 2017, 4:31:34 AM
to Chromium-Extensions-Announce

Hi,

I'm working on a Chrome extension and I need to embed Google services (search, mail, contacts ...) in iframes.
I've searched a lot and I get that it is not possible because of clickjacking.

However, there's this extension, Black Menu (https://chrome.google.com/webstore/detail/black-menu-for-google/eignhdfgaldabilaaegmdfbajngjmoke?hl=en), that managed to embed almost any services in iframes using custom URLs such as these: 


With bm being obviously black menu.

So I'm wondering, does this mean the developer managed to get exclusive/special access to Google search (and others) as a mobile version to embed it?

Furthermore, I'm able to embed Gmail in an iframe, even if I got X-Frame-Options: SAMEORIGIN in the headers ... Although not every time. Is it a cookie problem? Should I log in with Google across the entire browser? (And if yes, how do I do that?)

Any ideas ?

Thanks!

PhistucK

Feb 23, 2017, 11:16:19 AM
to Guillaume Odier, Chromium-Extensions-Announce
Perhaps the chrome.webRequest API lets you change those headers? I do not remember.
Anyway, there is an element called <webview> or something like that and while it is similar to an <iframe> in a way, I think it lets you embed things that are not willing to be embedded.

Also, that is a Chrome application, I believe, not a Chrome extension (perhaps only Chrome applications support <webview>).


PhistucK

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.
To post to this group, send email to chromium-extensions@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/87f098f6-de10-4b6b-b8db-91b91b2a7f5d%40chromium.org.
For more options, visit https://groups.google.com/a/chromium.org/d/optout.

Iftach Orr

Feb 23, 2017, 12:16:28 PM
to PhistucK, Guillaume Odier, Chromium-Extensions-Announce
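The trick of Black Menu is hidden inside webrequest.js
The developer modified all requests to Google that have the text "bm_embed" inside so Chrome will not block them

Here is how the developer removed the x-frame-options protection

chrome.webRequest.onHeadersReceived.addListener(function(r) {
  // e() is a helper defined elsewhere in the extension's minified code (not shown in this post)
  if (!e(r.tabId)) return null;
  // Walk the response headers backwards so splice() does not skip entries
  for (var s = r.responseHeaders, t = s.length - 1; t >= 0; --t) {
    var a = s[t].name.toLowerCase();
    // Drop the headers that tell the browser not to render the page in a frame
    ("x-frame-options" === a || "frame-options" === a) && s.splice(t, 1)
  }
  return {
    responseHeaders: s
  }
}, {
  // Only sub-frame loads of Google URLs carrying the bm_embed=1 marker
  urls: ["https://*.google.com/*bm_embed=1*"],
  types: ["sub_frame"]
}, ["blocking", "responseHeaders"]); // the post is cut off before this point; the webRequest API needs these options for a listener to receive and modify response headers

Hope this helps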

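
Seen from the reviewer's side, the pattern discussed in this thread (a response-header listener that names a framing header, backed by the blocking webRequest permissions) can be flagged when vetting an unpacked extension. The following Node.js check is an added example, not code from the thread or from Black Menu; `auditExtension`, its rule names and the sample manifest and source are constructed for illustration and assume a Manifest V2 extension.

```javascript
// Added example: static review of an unpacked Manifest V2 extension.
// Header names that carry framing protections; "frame-options" also matches
// "x-frame-options", and CSP carries the frame-ancestors directive.
const FRAMING_HEADERS = ["frame-options", "content-security-policy"];

function auditExtension(manifest, sources) {
  const perms = new Set(manifest.permissions || []);
  const findings = [];
  // In Manifest V2, rewriting response headers needs both permissions.
  const canRewrite = perms.has("webRequest") && perms.has("webRequestBlocking");
  if (canRewrite) {
    findings.push({ rule: "can-rewrite-headers", file: "manifest.json" });
  }
  for (const [file, text] of Object.entries(sources)) {
    const lower = text.toLowerCase();
    if (!lower.includes("onheadersreceived")) continue;
    // A response-header listener that names a framing header deserves a read.
    const named = FRAMING_HEADERS.filter((h) => lower.includes(h));
    if (named.length) {
      findings.push({ rule: "touches-framing-headers", file, headers: named });
    }
    // Listener scoped to iframe loads, as in the filter quoted in the thread.
    if (/types\s*:\s*\[[^\]]*sub_frame/.test(lower)) {
      findings.push({ rule: "targets-sub-frames", file });
    }
  }
  const touches = findings.some((f) => f.rule === "touches-framing-headers");
  const severity = canRewrite && touches ? "high" : findings.length ? "review" : "none";
  return { severity, findings };
}

// Constructed sample input, shaped like the listener quoted in the thread.
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  permissions: ["webRequest", "webRequestBlocking", "https://*.google.com/*"],
};
const SAMPLE_SOURCES = {
  "webrequest.js":
    'chrome.webRequest.onHeadersReceived.addListener(function(r){' +
    'for(var s=r.responseHeaders,t=s.length-1;t>=0;--t){' +
    '"x-frame-options"===s[t].name.toLowerCase()&&s.splice(t,1)}' +
    'return{responseHeaders:s}},{types:["sub_frame"]});',
};

console.log(JSON.stringify(auditExtension(SAMPLE_MANIFEST, SAMPLE_SOURCES), null, 2));
```

A "high" result means the extension both holds the permissions to rewrite headers and references a framing header inside a response-header listener; "review" means only one of those signals is present and the file needs a manual read.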