强制Xulrunner忽略X-Frame-Options

时间:2017-03-06 00:26:39

标签: firefox xulrunner

我试图强制XULRunner忽略X-Frame-Options并绕过安全警告,阻止页面加载到iframe中。

这是我提出的,但它没有用。

function myObserverXFrame()
{
    this.register();
}

myObserverXFrame.prototype =
{
    observe: function(aSubject, aTopic, aData)
    {
        var channel = aSubject.QueryInterface(Components.interfaces.nsIHttpChannel);
            //console.log("observing");
            try
            { // getResponseHeader will throw if the header isn't set

                hasXFO = channel.getResponseHeader('X-Frame-Options');

                if (hasXFO)
                {
                    // Header found, disable it
                    channel.setResponseHeader('X-Frame-Options', '', false);
                }
            }
            catch (e) {}
        }
    },
    register: function()
    {
        var observerService = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
        observerService.addObserver(this, "http-on-examine-response", false);
        observerService.addObserver(this, "http-on-examine-cached-response", false);
    },
    unregister: function()
    {

    }
}
var observer = new CommandLineObserver();
//addEventListener("unload", observer.unregister, false);

感谢。

0 个答案:

没有答案
相关问题
最新问题