MagicMirror

mirror of https://github.com/MichMich/MagicMirror.git synced 2025-06-27 03:39:55 +00:00

History

Thomas Hirschberger b9b7d2c95d

Add option to remove "x-frame-options" and "content-security-policy" response headers (#2963 )

Many users like me do have the problem that they want to embed other
sites to their mirror by "iframe".
As some developers set the "x-frame-options" and
"content-security-policy" for security reasons these sites can not be
embedded.
Electron provides the "webview" element additionally to "iframe" which
allows to embed these sites although. The main difference is that a new
process is started which handles the "webview" element.
BUT: As the "webview" process needs to be started and is isolated
"webview" is slower and the elements can not be accessed from the
embedding website.

As an alternative i implemented a small callback function in electron.js
which removes the response headers that forbid the embedding.

The removing can be controlled with the new config options:
* ignoreXOriginHeader
* ignoreContentSecurityPolicy

2022-11-07 07:42:27 +01:00

app.js

Make the e2e tests wait for the app to start and close before running next test (#2952 )

2022-10-29 22:34:17 +02:00

check_config.js

Magic Mirror -> MagicMirror²

2022-01-26 23:09:26 +01:00

class.js

More var -> let/const conversions

2021-07-14 10:41:29 +02:00

defaults.js

added a new config option httpHeaders used by helmet