Added: Protective header removal to allow iframes

joshdick / miniProxy

🚨⚠️ UNMAINTAINED! ⚠️🚨 A simple PHP web proxy.

http://joshdick.github.io/miniProxy

GNU General Public License v3.0

860 stars 544 forks source link

Added: Protective header removal to allow iframes #110

Closed daanggc closed 4 years ago

daanggc commented 6 years ago

Removes the following header:

X-Frame-Options
Content-Security-Policy

This allows sources that have these headers set to be displayed in an iframe.

joshdick commented 6 years ago

Not sure how I feel about these changes, since they remove the security restrictions intended by these headers. This may improve proxy compatibility, but would be less secure for general use.

BelleNottelling commented 6 years ago

Could be an optional toggle?

daanggc commented 6 years ago

A toggle would be a good option, in my case I just needed this for two weeks, after that, I got my project domain added to those security headers.

A toggle that is default set to disable would make sure the user that provides the proxy is aware of what he/she is doing.