C++ WebKitGTK: how to disable the cross-origin policy?


I'm trying to load http://google.com in an iframe from a page on the "file://" domain. Of course I got a "Google.com did not allow" error. I already tried a reverse proxy, but I think a reverse proxy does not make sense.

After that, I researched for a few hours how to disable or bypass the "cross-origin policy" in WebKitGTK.

I tried some solutions from this manual page: https://webkitgtk.org/reference/webkit2gtk/stable/WebKitSettings.html

So I tried to add this block for WebKitSettings:

    WebKitSettings *settings =
        webkit_web_view_get_settings(WEBKIT_WEB_VIEW(webview));
    webkit_settings_set_allow_file_access_from_file_urls(settings, true);

But it does not work. I still can't connect to google.com (or any CORS-protected website) in an iframe.

According to my latest research, the WebKitGTK manual has a little trick for this. It is mentioned as a property

(allow-file-access-from-file-urls)

but I can't figure out how to implement it in my code.

Edit:

I added this line to my code:

webkit_settings_set_allow_universal_access_from_file_urls(settings,true);

Now I also get a "Connection refused in a frame because it set X-Frame-Options to SAMEORIGIN" error. How can I set it in WebKitGTK for cross-origin?

1 answer

As already pointed out in the comments, CORS policy can't be bypassed.

You won't be able to load in an iframe any site that is properly configured to prevent that.

The only way to get around this would be to make a server-side request from a website you own to the website you'd like to display, have your site configured with the correct X-Frame-Options and make it return what it fetched from the site that should be displayed.

A sort of proxy, that still is hugely error-prone.

I made a quick proof of concept in PHP.

At https://lucasreta.com/test/google.com we have the following script, which retrieves the contents of google.com, parses and displays them:

<?php

$url = "https://www.google.com";
$request = curl_init();
curl_setopt_array($request, [
  CURLOPT_URL => $url,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTPHEADER => [
    "Content-Type: text/html; charset=UTF-8"
  ]
]);
$return = curl_exec($request);
curl_close($request);

header('Content-Type: text/html; charset=UTF-8');

# after setting headers, we echo the response
# obtained from the site to display and tweak it
# a bit in order to fix local urls
echo str_replace("=\"/", "=\"$url", $return);

And at https://lucasreta.com/test/google.com/iframe we include what is returned above in our iframe:

<style>
* {font-family: sans-serif}
iframe {width: 90%; height: 85vh;}
</style>

<h1>Google in an iframe</h1>

<iframe src="../"></iframe>
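
The "X-Frame-Options ... SAMEORIGIN" error in the question comes from a response header sent by the embedded site, which the engine checks against the origin of the embedding page. The following is an added example, not code from the posts above and not WebKit's own implementation: a simplified model of that check. The function names, the lowercase header keys and the sample URLs are assumptions, and only a single parent page and the `'none'`, `'self'` and exact-origin sources of `frame-ancestors` are modelled.

```javascript
// Added example: simplified model of the framing check a browser engine
// applies to a response. Assumes header names are already lowercased.

// Return the source list of one CSP directive, or null when it is absent.
function directive(csp, name) {
  for (const part of (csp || "").split(";")) {
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === name) return tokens.slice(1);
  }
  return null;
}

// Decide whether the response for frameUrl may render inside parentUrl.
function framingAllowed(headers, frameUrl, parentUrl) {
  const frameOrigin = new URL(frameUrl).origin;
  const parentOrigin = new URL(parentUrl).origin;
  // A file:// page is modelled with an opaque origin, which URL.origin
  // reports as "null"; it never equals any site's origin.
  const sameOrigin = parentOrigin !== "null" && parentOrigin === frameOrigin;

  // A frame-ancestors directive takes precedence over X-Frame-Options.
  const ancestors = directive(headers["content-security-policy"], "frame-ancestors");
  if (ancestors !== null) {
    return ancestors.some((src) =>
      (src.toLowerCase() === "'self'" && sameOrigin) ||
      (parentOrigin !== "null" && src.toLowerCase() === parentOrigin));
  }

  const xfo = (headers["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return false;
  if (xfo === "sameorigin") return sameOrigin;
  return true; // header absent or value not recognised: no restriction
}

// Constructed sample inputs: the question's case, then a site with no header.
const filePage = "file:///home/user/index.html";
console.log(framingAllowed({ "x-frame-options": "SAMEORIGIN" }, "https://www.google.com/", filePage));
console.log(framingAllowed({}, "https://example.test/", filePage));
```

Because the decision depends only on headers the remote site sends and on the parent page's origin, a `file://` parent can never satisfy `SAMEORIGIN` for a remote site.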