Description: Use the chrome.webRequest API to observe and analyze traffic and to intercept, block, or modify requests in-flight.
That is an interesting extension. I don’t think we can add chrome extensions to Atom right now but I’m curious as to what you would want to use this for?
in short, WebBrowser.
I’ve tried to load an external URL to
DIV or set
src of iFrame, I’ve got an error:
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
So, I go for a local proxy server running on node.js.
For the proxy server, what I need to do is to capture every
URL_REQUEST event fired in the browser page which is observable at
chrome://net-internals/#events, and redirect the request header to the localhost proxy server.
Do you know any workaround? or anyway to configure the security setting from API?
Atom Content Security Policy Error
You should be able to set the src of an iframe. Do you have an example package where this isn’t working?
Oh, very important feature request related to this topic that you probably can add immediately, I believe.
Plugin Permission setting on the installation.
For instance, I 've just released a plug-in that runs HTTP servers:
Every time the user enables this plug-in a Caution window pops up and forces user to chose
Do you want the application "ATOM Helper.app" to accept incoming network connection?
This is a bad user experience.
For Chrome Extensions, or Android Apps, this kind of Permission confirmation is presented only once on the installation, and I think such a manner is sufficient and decent.
Let the user confirm the security setting or permissions when they install the plugins.
For this Cross-domain or SAMEORIGIN security setting, plugins should takes over with a proper permission confirmation on the installation timing.
ATOM has huge potentials to open tons of doors, but without ability to open permissions, you just close the doors and lose the potential values.
I wish I get a good response from you on this. Thanks.
In this case, it seem to have no error for
Refused to display 'https://www.google.com/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN', but certainly fails for remote URIs. The localhost URL just works as expected.
PS, ok I see the error right now:
Refused to display ‘http://www.google.co.jp/?gfe_rd=cr&ei=dcwgU4q9Eo_S8gehi4HwBw’ in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’.
Hi there, I want to bump the original question - are there any plans on adding chrome.webRequest? I need to load some external content in my app and I want to see what external requests for css/js does it do and modify/block them.