How do I disable XSS/"Same Origin" checking on Chrome?

google-chrome iframe xss
6,098

X-frame-options is anti-clickjacking, not XSS. The page refuses to be displayed in an iframe. Can you use a popup window instead?

Share:
6,098
David Faux
Author by

David Faux

Updated on September 18, 2022

Comments

  • David Faux
    David Faux over 1 year

    I am trying to access the contents of HTML tags within an iframe on a page I am developing. The parent and iframed pages have the same root domain, but different subdomains. I cannot alter the iframed page, but I can alter the parent page.

    To this end, I opened Chrome via 

    open -a Google\ Chrome --args --disable-web-security

    to let Chrome ignore the Same Origin Policy pertinent to accessing elements in an Iframe. However, Chrome still returns an error when I try to access the elements of the Iframe:

    Uncaught Error: SECURITY_ERR: DOM Exception 18
Refused to display document because display forbidden by X-Frame-Options.

    How do I tell Chrome to completely ignore XSS checking? Can I use command line arguments? This page on Dropbox illustrates my intention. I am trying to access the contents of the iframe. http://dl.dropbox.com/u/1531353/Misc/subDomainFrameAccess/index.html

    • kinokijuf
      kinokijuf almost 11 years
      You don’t do this.
  • David Faux
    David Faux about 12 years
    Thanks, that makes sense. I don't think I can use a popup since I'm scraping data off of a web page. Nonetheless, I've resorted to manually recording data.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Chrome and Firefox are not displaying most PDF documents in an iframe
WebDriverException: target frame detached while interacting with elements within iframe using ChromeDriver Chrome and Selenium
Unsafe JavaScript attempt to access frame in Google Chrome
Internet Explorer X-Frame-Options ALLOW-FROM not working in IE 11 and Edge
Set focus on iframe in Chrome
How to disable XSS auditor in chrome v60 (09/2017)?
iframe.contentWindow.document Chrome alternative?
Chrome bug: iframe rendering lines on screen when scrolling up
Set iframe to height of content for remote content
How to get the element inside an iframe element in Javascript?