search

MartinWie / Framer

A chrome extension that lets the user drop X-Frame-Options and Content-Security-Policy HTTP response headers for special sites, allowing advanced development and pages to be iframed.
31 stars 4 forks source link

Modification for kiosk mode on ChromeOS (Google Workspace) #2

Closed Svangeel89 closed 5 months ago

Svangeel89 commented 5 months ago

Hello Martin,

First I want to thank you for this extension! However, I have a specific story and unfortunately due to my limited knowledge I am unable to realize this. I will explain the situation below.

I created a web application myself (kiosk4school.be). We load these to our students in the kiosk mode of Google Workspace for our Chromebook so that students can take digital tests and exams in a safe environment.

Now I would like to load this extension so that we can add any website as a source in an iframe. There is no option to add URLs in the kiosk.

What do we want to achieve: An adjustment in the code so that the x-frame headers are removed by default for every website out of the box. After days of trying to adjust your code, I have to give up. Could you help me with this or write custom code that takes care of this?

The fact is that we will only use this within this kiosk environment, and the teachers will only add reliable websites as sources in Kiosk4School, so I do not foresee any problems with this in terms of safety.

You would help me and us teachers enormously with this.

Thank you in advance for reading this.

Greetings, Shane Van Geel

MartinWie commented 5 months ago

Hi Shane, is it important that the extension is available in the Google Chrome store?

If not, create a manifest V2 extension and use the following code:

let headersToRemove = [
  'content-security-policy',
  'x-frame-options',
];

chrome.webRequest.onHeadersReceived.addListener(
  details => ({
    responseHeaders: details.responseHeaders.filter(header =>
        !headersToRemove.includes(header.name.toLowerCase()))
  }),
  {
    urls: ['<all_urls>']
  },
  ['blocking', 'responseHeaders', 'extraHeaders']);

Hope this helps.

If you are looking for an alternative solution, please specify what exactly is not working, what you tried to make it work, and what the exact goal would be.

I am currently extremely busy, so my response time may vary.

P.S. if you like the project, you would make my day if you give the repository a "star" ⭐

Svangeel89 commented 5 months ago

Hi Shane, is it important that the extension is available in the Google Chrome store?

If not, create a manifest V2 extension and use the following code:

let headersToRemove = [
  'content-security-policy',
  'x-frame-options',
];

chrome.webRequest.onHeadersReceived.addListener(
  details => ({
    responseHeaders: details.responseHeaders.filter(header =>
        !headersToRemove.includes(header.name.toLowerCase()))
  }),
  {
    urls: ['<all_urls>']
  },
  ['blocking', 'responseHeaders', 'extraHeaders']);

Hope this helps.

If you are looking for an alternative solution, please specify what exactly is not working, what you tried to make it work, and what the exact goal would be.

I am currently extremely busy, so my response time may vary.

P.S. if you like the project, you would make my day if you give the repository a "star" ⭐

Wow Martin!

I really appreciate you answering so quickly! And not only that, your solution is perfect and I can certainly continue with it. The intention is to host the extension myself and add it with a URL within Google Workspace, so this should be possible with manifest V2.

Ps, the star is coming! Love from Belgium <3

MartinWie commented 5 months ago

Hi Shane, thanks for the swift feedback! :)

Cool, happy to hear that this helps.

I will close this issue, but please don't hesitate to reopen if you have further questions.

P.S. If you ever need a more sophisticated solution, that can be hosted in the Google Chrome Store, automatically rolled out and manage the URL's from a centralized service, ping me for some freelancing gig.

Cheers, Martin

Svangeel89 commented 5 months ago

Hi Martin,

I was very excited. I tested everything in Chrome on Windows and on ChromeOS and it worked fine, but when I tested my extension in Kiosk mode of ChromeOS, the extension didn't seem to do anything at all. Can you help me with this, or can we make contact to show exactly what the intention is, or possibly have something custom made for a fee?

chromeos-kiosk-nok chromeos-ok win-ok workspace

MartinWie commented 4 months ago

Hi, I am currently overbooked, (For the next 8–12 weeks, no chance to squeeze that in, sorry) I tried to reproduce the issue, but I don't have the proper setup. So here, maybe you can fix/debug this yourself:

It looks like a permissions issue.(Unclear if it is even possible to use the chrome.webRequest API in Kiosk mode, the documentation was a bit unclear to me.)

You can try to inspect the extensions details for any errors (chrome://extensions/) after you open the target URL and the extension fails to drop the headers, there should be some logs. If nothing shows up there, try to log something on page load and see if this gets executed

Alternatively, you can try to use the chrome.declarativeNetRequest API and see if this works in kiosk mode. (If this works, you can use updateSessionRule to enable IFrames, for details, checkout the code in this repository).

I hope this helps, good luck.