author | Julian Xhokaxhiu | 2016-09-27 15:57:58 +0200 |
---|---|---|
committer | Julian Xhokaxhiu | 2016-09-27 15:57:58 +0200 |
commit | cf9ee355545cecf18f3346413a4c99667a5d8765 (patch) | |
tree | e754c98454a584492e5904a8f1468d7506b31036 | |
parent | 20c1bcfcc6d444e3c67821af7cda955c5841877f (diff) | |
download | aur-cf9ee355545cecf18f3346413a4c99667a5d8765.tar.gz |
Disable web security was not the right solution
In order to disable X-Frame-Options header security, we need to tackle this via an extension. So provide a way to load it automatically every time the chromium process starts.
-rw-r--r-- | PKGBUILD | 14 | ||||
-rw-r--r-- | chromium-fullscreen.install | 7 | ||||
-rw-r--r-- | chromium-fullscreen.xinitrc | 2 | ||||
-rw-r--r-- | disable-x-frame-option-background.js | 14 | ||||
-rw-r--r-- | disable-x-frame-option-manifest.json | 10 |
5 files changed, 42 insertions, 5 deletions
@@ -1,7 +1,7 @@
 # Author: Julian Xhokaxhiu <info@julianxhokaxhiu.com>
 pkgname=chromium-fullscreen
 pkgver=1
-pkgrel=4
+pkgrel=5
 pkgdesc="A script in order to run Chromium in fullscreen mode under the chromium user"
 url=""
 arch=('x86_64' 'i686' 'arm' 'armv6h' 'armv7h')
@@ -9,9 +9,13 @@ license=('MIT')
 depends=('xorg-server' 'xorg-xinit' 'unclutter' 'chromium' 'xlogin-git')
 install='chromium-fullscreen.install'
 source=('chromium-fullscreen.sysuser'
- 'chromium-fullscreen.xinitrc')
+ 'chromium-fullscreen.xinitrc'
+ 'disable-x-frame-option-background.js'
+ 'disable-x-frame-option-manifest.json')
 md5sums=('9e979fbdd1e4a5a04fd0e91ce6a9a7be'
- '7f2ce7a70ebb06b9b8ff0e222f08bb37')
+ '1a2b2cd4bd67769948edcdaabb5592eb'
+ 'c700c36f4ea3e353c6d49df823561fc4'
+ 'f543ec018edbaf5533e6bddd5068ff54')
 package() {
 # Copy autorun script
@@ -19,4 +23,8 @@ package() {
 #Install sysuser config
 install -Dm644 ${srcdir}/chromium-fullscreen.sysuser "$pkgdir/usr/lib/sysusers.d/chromium-fullscreen.conf"
+
+ # Copy the extensions files
+ install -Dm644 ${srcdir}/disable-x-frame-option-background.js "$pkgdir/home/chromium/.extensions/disable-x-frame-option/background.js"
+ install -Dm644 ${srcdir}/disable-x-frame-option-manifest.json "$pkgdir/home/chromium/.extensions/disable-x-frame-option/manifest.json"
 }
diff --git a/chromium-fullscreen.install b/chromium-fullscreen.install
index a0dca1e6886d..aa33b66c72d6 100644
--- a/chromium-fullscreen.install
+++ b/chromium-fullscreen.install
@@ -1,4 +1,4 @@
-post_install() {
+pre_install() {
 # Update systemd sysusers
 systemd-sysusers
@@ -8,6 +8,11 @@ post_install() {
 # Create a first sample of Autostart Url
 echo -e "https://www.archlinux.org/\n" > /home/chromium/chromium-autostart-url.txt
+ # Create the extensions folders
+ mkdir -p /home/chromium/.extensions/disable-x-frame-option
+}
+
+post_install() {
 # Fix permissions
 chown -R chromium:chromium /home/chromium
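Review bot: The extension is installed under `$pkgdir/home/chromium/.extensions/` by the two new `install -Dm644` lines in PKGBUILD, and `chown -R chromium:chromium /home/chromium` in chromium-fullscreen.install then makes it writable by the account the browser runs as. An unpacked extension holding `webRequestBlocking` on all URLs should not be editable by the kiosk user, because anything running as that user could then change what the browser loads on every start. Installing to a root-owned location keeps it read-only, for example a path such as `"$pkgdir/usr/share/chromium-fullscreen/disable-x-frame-option/background.js"` (and the same directory for manifest.json), with `--load-extension` pointed at that directory. package() begins outside this hunk.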
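Review bot: Renaming the first function in chromium-fullscreen.install to `pre_install()` moves `systemd-sysusers` to a point before pacman has extracted the package, so on a fresh install `/usr/lib/sysusers.d/chromium-fullscreen.conf` is not yet on disk and the chromium account presumably does not exist when `post_install()` reaches `chown -R chromium:chromium /home/chromium`. Keep the `systemd-sysusers` call, and anything that needs the account, in `post_install()`. The added `mkdir -p /home/chromium/.extensions/disable-x-frame-option` also looks redundant, since `install -D` in the PKGBUILD already creates that directory inside the package. Lines 5 to 7 of the script fall between the two hunks and are not visible, so confirm nothing there depends on the ordering.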
diff --git a/chromium-fullscreen.xinitrc b/chromium-fullscreen.xinitrc
index c8bdc1836524..8b20693263eb 100644
--- a/chromium-fullscreen.xinitrc
+++ b/chromium-fullscreen.xinitrc
@@ -27,7 +27,7 @@ exec /usr/bin/chromium --disable \
 --disable-suggestions-service \
 --disable-save-password-bubble \
 --disable-session-crashed-bubble \
- --disable-web-security \
+ --load-extension=.extensions/disable-x-frame-option \
 --window-position="0,0" \
 --window-size="1920,1080" \
 --kiosk "$URL"
diff --git a/disable-x-frame-option-background.js b/disable-x-frame-option-background.js
new file mode 100644
index 000000000000..7731f4ec4f7c
--- /dev/null
+++ b/disable-x-frame-option-background.js
@@ -0,0 +1,14 @@
+chrome.webRequest.onHeadersReceived.addListener(
+ function (details) {
+ for (var i = 0; i < details.responseHeaders.length; ++i) {
+ if (details.responseHeaders[i].name.toLowerCase() == 'x-frame-options') {
+ details.responseHeaders.splice(i, 1);
+ return {
+ responseHeaders: details.responseHeaders
+ };
+ }
+ }
+ }, {
+ urls: ["<all_urls>"]
+ }, ["blocking", "responseHeaders"]
+);
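Review bot: In chromium-fullscreen.xinitrc the new `--load-extension=.extensions/disable-x-frame-option` is a relative path, so it only resolves when the script's working directory is the chromium user's home. Started from any other directory, Chromium would come up without the extension and framed pages would be blocked again with no obvious error. An absolute path is safer: `--load-extension=/home/chromium/.extensions/disable-x-frame-option \`. The `exec` command starts above the hunk, so whether a `cd` precedes it is not visible here.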
\ No newline at end of file
diff --git a/disable-x-frame-option-manifest.json b/disable-x-frame-option-manifest.json
new file mode 100644
index 000000000000..8ec9201350a4
--- /dev/null
+++ b/disable-x-frame-option-manifest.json
@@ -0,0 +1,10 @@
+{
+ "name": "Ignore X-Frame headers",
+ "description": "Drops X-Frame-Options HTTP response headers, allowing all pages to be iframed.",
+ "version": "1.0",
+ "manifest_version": 2,
+ "background": {
+ "scripts": [ "background.js" ]
+ },
+ "permissions": [ "webRequest", "webRequestBlocking", "\u003Call_urls>" ]
+} |
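Review bot: In disable-x-frame-option-background.js the listener is registered for `urls: ["<all_urls>"]` with no `types` filter, so clickjacking protection is stripped from every response the kiosk browser receives rather than only from the pages it needs to embed; the all-URLs entry in the `"permissions"` array of disable-x-frame-option-manifest.json has the same breadth and should be narrowed with it. Restricting the filter to the framed origins and to `sub_frame` requests keeps the header in force everywhere else. The loop also returns after the first match, so a response carrying a second X-Frame-Options header would keep it, and the `var`/`==` loop can become a `filter` with `!==`. The match pattern in the sketch below is a placeholder for the real framed origins.

```javascript
chrome.webRequest.onHeadersReceived.addListener(
  function (details) {
    // Remove every X-Frame-Options header, not only the first one found.
    return {
      responseHeaders: details.responseHeaders.filter(function (header) {
        return header.name.toLowerCase() !== 'x-frame-options';
      })
    };
  }, {
    // Placeholder pattern: list only the origins the kiosk page embeds.
    urls: ["https://framed-site.example/*"],
    types: ["sub_frame"]
  }, ["blocking", "responseHeaders"]
);
```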