capacitor-plugin-xframe
Advanced tools
Capacitor plugin to bypass CORS & same origin policy for iframes.
Capacitor plugin to bypass CORS & same origin policy for iframe.
This plugin overrides the
shouldInterceptRequestbehavior of your webview.
As the core purpose of this plugin, shouldInterceptRequest needs to be leveraged to determine the outgoing requests and eliminate the X-Frame-Options and Content-Security-Policy headers present on the incoming responses for them to work in the embeded iframes.
npm install capacitor-plugin-xframe
npx cap sync
Add these options in either capacitor.config.json or capacitor.config.ts.
userAgentCustomize the outgoing requests' User-Agent header. Useful to modify the resulted responses.
{
...
"plugins": {
"Xframe": {
"userAgent": "<your_custom_user_agent>"
}
}
}
ignoreA list of domains/URLs to ignore from intercepting.
{
...
"plugins": {
"Xframe": {
"ignore": ["google.com", "https://www.facebook.com"]
}
}
}
register() => Promise<void>
Registers the plugin to your app.
Registering this plugin will override the shouldInterceptRequest behavior of your webview.
addListener(eventName: 'onLoad', listener: LoadEventListener) => Promise<PluginListenerHandle> & PluginListenerHandle
Listens to requests of document type and returns some useful information.
| Param | Type |
|---|---|
eventName | 'onLoad' |
listener | LoadEventListener |
Returns: Promise<PluginListenerHandle> & PluginListenerHandle
addListener(eventName: 'onError', listener: ErrorEventListener) => Promise<PluginListenerHandle> & PluginListenerHandle
Listens to failed requests (of any type)
| Param | Type |
|---|---|
eventName | 'onError' |
listener | ErrorEventListener |
Returns: Promise<PluginListenerHandle> & PluginListenerHandle
| Prop | Type |
|---|---|
remove | () => Promise<void> |
| Prop | Type |
|---|---|
url | string |
title | string |
favicon | string |
| Prop | Type |
|---|---|
url | string |
statusCode | number |
message | string |
(eventData: LoadEventData): void
(eventData: ErrorEventData): void
FAQs
Capacitor plugin to bypass CORS & same origin policy for iframes.
We found that capacitor-plugin-xframe demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh joins Risky Business Weekly to unpack recent npm phishing attacks, their limited impact, and the risks if attackers get smarter.
Product
Socket’s new Tier 1 Reachability filters out up to 80% of irrelevant CVEs, so security teams can focus on the vulnerabilities that matter.
Research
/Security News
Ongoing npm supply chain attack spreads to DuckDB: multiple packages compromised with the same wallet-drainer malware.