How do I disable XSS/"Same Origin" checking on Chrome?
X-frame-options is anti-clickjacking, not XSS. The page refuses to be displayed in an iframe. Can you use a popup window instead?
David Faux
Updated on September 18, 2022Comments
-
David Faux over 1 year
I am trying to access the contents of HTML tags within an iframe on a page I am developing. The parent and iframed pages have the same root domain, but different subdomains. I cannot alter the iframed page, but I can alter the parent page.
To this end, I opened Chrome via
open -a Google\ Chrome --args --disable-web-security
to let Chrome ignore the Same Origin Policy pertinent to accessing elements in an Iframe. However, Chrome still returns an error when I try to access the elements of the Iframe:
Uncaught Error: SECURITY_ERR: DOM Exception 18 Refused to display document because display forbidden by X-Frame-Options.
How do I tell Chrome to completely ignore XSS checking? Can I use command line arguments? This page on Dropbox illustrates my intention. I am trying to access the contents of the iframe. http://dl.dropbox.com/u/1531353/Misc/subDomainFrameAccess/index.html
-
kinokijuf almost 11 yearsYou don’t do this.
-
-
David Faux about 12 yearsThanks, that makes sense. I don't think I can use a popup since I'm scraping data off of a web page. Nonetheless, I've resorted to manually recording data.