The Problem
I have a chrome extension that loads in an iframe. The extension first loads a Google Login page. The page fails with the following error:

OAuth2:1 Refused to display 'https://accounts.google.com/o/oauth2/auth?...' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

I realize that this is a limitation that Google sets forth for security reasons, but in order to provide the user with a more seamless experience, is it possible to overcome it?

For reference, I am using passport with Google OAuth2 strategy:
const GoogleStrategy = require('passport-google-oauth2').Strategy;

Another possibility
One possibility of avoiding it that comes to mind would be to load the Google Login page in a new tab using target="_blank", but then, once the user logs in, I'd like the tab to close and the iframe to authorize the user into the app.

Option #1 is certainly preferable, but I'm open to option #2. Any suggestions would certainly help.

dipole_moment

1 Answer

The simplest that comes to mind is stripping out the incoming X-Frame-Options header by using webRequest: remove it during the onHeadersReceived step. Just keep in mind that usually it is done for good, and do it only for your requests.
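To make the "only for your requests" part of the answer concrete, here is an added example of the onHeadersReceived approach; it is not the answerer's code. It assumes a Manifest V2 extension whose manifest declares the "webRequest" and "webRequestBlocking" permissions plus a host permission for https://accounts.google.com/*, and it assumes that `details.initiator` reports the extension's own origin for sub-frames created by the extension's pages. The URL pattern, the extension origin used in the test, and the function name `filterFrameHeaders` are all assumptions for the example. The header-filtering decision is kept as a pure function so it can be exercised without a browser.

```javascript
// Added example, not the answer's or any project's code: a background script
// for a Manifest V2 extension that strips X-Frame-Options only from responses
// destined for sub-frames that this extension's own pages created.
// Assumed manifest permissions: "webRequest", "webRequestBlocking" and a host
// permission for "https://accounts.google.com/*".

// URL patterns the extension actually needs to frame (assumed; kept narrow so
// the header keeps protecting every other page the user visits).
const FRAMEABLE_URLS = ["https://accounts.google.com/o/oauth2/*"];

// Pure decision logic, separated from the chrome.* API so it can be tested.
// `details` mirrors the object chrome.webRequest.onHeadersReceived hands to a
// listener; `extensionOrigin` looks like "chrome-extension://<id>".
function filterFrameHeaders(details, extensionOrigin) {
  const isOwnSubFrame =
    details.type === "sub_frame" && details.initiator === extensionOrigin;

  if (!isOwnSubFrame) {
    // Not our frame: return the headers untouched so X-Frame-Options still
    // stops third-party pages from framing the login page.
    return { responseHeaders: details.responseHeaders };
  }

  // Our own frame: drop X-Frame-Options (header names are case-insensitive).
  const responseHeaders = details.responseHeaders.filter(
    (h) => h.name.toLowerCase() !== "x-frame-options"
  );
  return { responseHeaders };
}

// Register the listener only when actually running inside the extension.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  // chrome.runtime.getURL("") returns "chrome-extension://<id>/"; the
  // initiator field carries the origin without the trailing slash.
  const extensionOrigin = chrome.runtime.getURL("").replace(/\/$/, "");

  chrome.webRequest.onHeadersReceived.addListener(
    (details) => filterFrameHeaders(details, extensionOrigin),
    { urls: FRAMEABLE_URLS, types: ["sub_frame"] },
    ["blocking", "responseHeaders"]
  );
}
```

The filter object on `addListener` already limits the listener to the listed URLs and to sub-frame loads; the initiator check inside `filterFrameHeaders` is the second layer that keeps the header in place for frames created by ordinary web pages. Note that blocking `webRequest` listeners are not available to ordinary Manifest V3 extensions, so this pattern applies to Manifest V2 as the answer assumes.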

smnbbrv