x-frame-options bypass
Home Page: https://medium.com/@alexcambose/bypassing-x-frame-options-4934dd852618
License: MIT License
x-frame-options bypass
npm install
npm run start
instead of using iframe source with the actual link of the website:
<iframe src="https://example.com/"></iframe>use
<iframe src="http://localhost:3000?url=https://example.com/"></iframe>
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
Hello,
i am uaable to load youtube and netflix.Receiving the error your browser is not supported or i am guessing cookies are not processed correctly.
Is there a way to fix this?
Regards,
Markus
The project works initially but overall fails. It does not load fonts, CSS, and JS. Below are the errors I got from testing one site.
Please fix!
Thanks,
JAS
Refused to load the stylesheet '<URL>' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' <URL>". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/css/site.light.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/css/lobby.light.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/piece-css/cburnett.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/css/site.light.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/css/lobby.light.min.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the stylesheet 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/piece-css/cburnett.css' because it violates the following Content Security Policy directive: "style-src 'self' 'unsafe-inline' https://lichess1.org". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
localhost/:1 Refused to load the font 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/font/lichess.woff2' because it violates the following Content Security Policy directive: "default-src 'self' https://lichess1.org". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
localhost/:1 Refused to load the font 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/font/lichess.chess.woff2' because it violates the following Content Security Policy directive: "default-src 'self' https://lichess1.org". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
localhost/:1 Refused to load the script 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/compiled/lichess.min.js' because it violates the following Content Security Policy directive: "script-src 'nonce-UXzA4tay8Sk8VgDorZCKymGw' 'self' https://lichess1.org". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
localhost/:1 Refused to load the script 'http://localhost/?url=https://lichess1.org/assets/_jq4ChM/compiled/lobby.min.js' because it violates the following Content Security Policy directive: "script-src 'nonce-UXzA4tay8Sk8VgDorZCKymGw' 'self' https://lichess1.org". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
localhost/:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
localhost/:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
localhost/:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
1:3 Refused to load the script 'https://ssl.google-analytics.com/ga.js' because it violates the following Content Security Policy directive: "script-src 'nonce-UXzA4tay8Sk8VgDorZCKymGw' 'self' https://lichess1.org". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
(anonymous) @ 1:3
1:3 Refused to load the script 'http://www.pagespeed-mod.com/v1/taas?id=cs&ak=55c85bbdd6e4d21e7278fbbbb89a9502&si=fb4741a02e044f61940836e20590e7f6&tag=1005&rand=75159da722950d6d1bed603b1040529e&ord=1372444829828016.8' because it violates the following Content Security Policy directive: "script-src 'nonce-UXzA4tay8Sk8VgDorZCKymGw' 'self' https://lichess1.org". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
(anonymous) @ 1:3
?url=http://lichess.org/:6 Uncaught (in promise) ReferenceError: LichessLobby is not defined
at ?url=http://lichess.org/:6
localhost/:1 Refused to load manifest from 'http://localhost/?url=http://lichess.org/manifest.json' because it violates the following Content Security Policy directive: "default-src 'self' https://lichess1.org". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-32.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-64.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-128.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-192.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-256.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
/?url=https://lichess1.org/assets/_jq4ChM/logo/lichess-favicon-512.png:1 Failed to load resource: net::ERR_CONNECTION_REFUSED
localhost/:1 Refused to load manifest from 'http://localhost/?url=http://lichess.org/manifest.json' because it violates the following Content Security Policy directive: "default-src 'self' https://lichess1.org". Note that 'manifest-src' was not explicitly set, so 'default-src' is used as a fallback.
Opening a index.html file in computer works great. I Can´t "listen" the port 3000 on portchecker even I set free on firewall/moden
By that I mean without the need of a node.js server?
Thanks
everything besides the actual site is not requested with the port so does not display
a fix would be adding the port to theline which alters the request urls
return ` ${p1}="${req.protocol}://${req.hostname}:${port}?url=${newUrl}"`;
encoding does not seem right
i used "iso88592" and data = iso88592.decode(data.toString('binary')); to decode the content but that does not seem to work always
google and many other sites dont use their full url to redirect but only use /?searchquery=something which does not get processed by express and axios.
It would be awesome if you could spend a few minutes and update this repository!
Pinging back the following:
[root@secure ~]# npm run start
[email protected] start /root
node index.js
Listening on port 3000!
GET /?url=https://example.com/ 200 1291 - 119.475 ms
TypeError: URL is not a constructor
at data.toString.replace (/root/index.js:40:43)
at RegExp.[Symbol.replace] (native)
at RegExp.[Symbol.replace] (native)
at String.replace (native)
at axios.get.then (/root/index.js:33:40)
at process._tickCallback (internal/process/next_tick.js:109:7)
can you please add functionality for loading CSS and js files from that specific website and open the request for other queries of that website?
Hello,
when i try to load any website with the iframe code the website goes in loading loop. Theres no response. In wireshark i see successfull tls handshake, but after it a connection RST.
in npm cli this is displayed:
GET /?url=http://url.com - - - - ms
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.