Closed Bug 1632333 Opened 4 years ago Closed 4 years ago

The fix from Bug 1595652 only works for the first load

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: kernp25, Unassigned)

Details

Attachments

(2 files)

E3tfjc9ZpS.mp4
552.79 KB, video/mp4
Details
manifest.zip
1.45 KB, application/x-zip-compressed
Details
Attached video E3tfjc9ZpS.mp4

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

  1. Install the test add-on
  2. Click on the icon

Actual results:

It will load the first page as expected. But if you navigate, then it will get blocked by the XFO.

Expected results:

Should also work for navigations.

Attached file manifest.zip

We're not going to automatically lift the X-Frame-Options restrictions for extensions. You'll have to use the webRequest.onHeadersReceived API to remove the header (but make sure to check the details, including originUrl to make sure that you're only removing the XFO header for requests from your extension.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: