How to work around SAMEORIGIN

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

How to work around SAMEORIGIN

Postby tiplip » Sun Jan 01, 2017 6:04 am

hi,

version: cef_binary_3.2883.1540.gedbfb20_windows32
os: win7

I register my scheme, there is a iframe with src=''http://tb1.9vcpp.cn/public/login' in my local html

when I try to load it, console will report:
Refused to display 'http://tb1.9vcpp.cn/public/login' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.

my code is:
Code: Select all
  CefRegisterSchemeHandlerFactory("http", "happ", new HappSchemeHandlerFactory());
  CefAddCrossOriginWhitelistEntry("http://happ", "http", "tb1.9vcpp.cn", true);


but it does not work.

is there any way to work around SAMEORIGIN?
tiplip
Mentor
 
Posts: 76
Joined: Thu Mar 26, 2015 3:09 am

Re: How to work around SAMEORIGIN

Postby amaitland » Sun Jan 01, 2017 2:53 pm

Change your scheme to use domain tb1.9vcpp.cn and `return null` for requests that aren't for your custom resources.
Maintainer of the CefSharp project.
amaitland
Virtuoso
 
Posts: 1290
Joined: Wed Jan 14, 2015 2:35 am

Re: How to work around SAMEORIGIN

Postby tiplip » Sun Jan 01, 2017 6:47 pm

amaitland wrote:Change your scheme to use domain tb1.9vcpp.cn and `return null` for requests that aren't for your custom resources.


hi, thanks for your reply.

I return false in my schemehander, but requests for true tb1.9vcpp.cn seems not to sent out

Code: Select all
bool HappSchemeHandler::ProcessRequest(CefRefPtr<CefRequest> request,
                            CefRefPtr<CefCallback> callback) {

return false


so, where return null can let cef send requests to true remote site?

thanks.
tiplip
Mentor
 
Posts: 76
Joined: Thu Mar 26, 2015 3:09 am

Re: How to work around SAMEORIGIN

Postby tiplip » Sun Jan 01, 2017 7:14 pm

if return null in HappSchemeHandlerFactory::Create, there will be

Page failed to load.

URL: http://tb1.9vcpp.cn/public/login
Error: UNKNOWN (-130)
tiplip
Mentor
 
Posts: 76
Joined: Thu Mar 26, 2015 3:09 am

Re: How to work around SAMEORIGIN

Postby amaitland » Sun Jan 01, 2017 7:18 pm

Pretty sure it used to work.

You can always switch to using CefRequestHandler::GetResourceHandler

apidocs3/projects/(default)/CefRequestHandler.html#GetResourceHandler(CefRefPtr<CefBrowser>,CefRefPtr<CefFrame>,CefRefPtr<CefRequest>)
Maintainer of the CefSharp project.
amaitland
Virtuoso
 
Posts: 1290
Joined: Wed Jan 14, 2015 2:35 am

Re: How to work around SAMEORIGIN

Postby tiplip » Sun Jan 01, 2017 7:44 pm

hi,

I write like this, if return null line is hit,
Code: Select all
CefRefPtr<CefResourceHandler> ClientHandler::GetResourceHandler(
    CefRefPtr<CefBrowser> browser,
    CefRefPtr<CefFrame> frame,
    CefRefPtr<CefRequest> request) {
  CEF_REQUIRE_IO_THREAD();
 
  URI uri(request->GetURL());
  std::string fileName = uri.getPath();
  if (startsWith(fileName, HappSchemeHandlerFactory::REMOTE_HOME)
    || startsWith(fileName, HappSchemeHandlerFactory::REMOTE_PUBLIC)) {
    return NULL;
  } else {

    return resource_manager_->GetResourceHandler(browser, frame, request);
  }
}


I will get headers like this, status is cancelled for request.

Code: Select all
Request URL:http://tb1.9vcpp.cn/public/login
Request Headers
Provisional headers are shown
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Referer:http://tb1.9vcpp.cn/index_baidu.html
Upgrade-Insecure-Requests:1
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.110 Safari/537.36
tiplip
Mentor
 
Posts: 76
Joined: Thu Mar 26, 2015 3:09 am

Re: How to work around SAMEORIGIN

Postby amaitland » Sun Jan 01, 2017 11:19 pm

Structurally the code looks fine. Check your resource manager is actually returning a value.

Make sure you've removed your scheme handler registration also.

Is there a reason your still using a 2623 build?
Maintainer of the CefSharp project.
amaitland
Virtuoso
 
Posts: 1290
Joined: Wed Jan 14, 2015 2:35 am


Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 42 guests