given I have
const {app, BrowserWindow, session } = require('electron');
app.whenReady().then(async () => {
session.defaultSession.webRequest.onHeadersReceived((details, callback) => {
callback({
responseHeaders: {
...details.responseHeaders,
// 'Content-Security-Policy': ['script-src \'unsafe-inline\' \'self\';'],
'Content-Security-Policy': '*',
'Access-Control-Allow-Origin': '*',
'X-Frame-Options': 'ALLOW-FROM *'
}
});
});
const win = new BrowserWindow({
width: 800,
height: 600,
webPreferences: {
allowRunningInsecureContent: true,
sandbox: false,
webSecurity: false,
webviewTag: true
}
});
win.webContents.on('did-finish-load', () => {
win.webContents.executeJavaScript(`
const childWindow = window.open('https://example.com');
childWindow.addEventListener('message', console.log);
`);
});
await win.loadFile('main.html');
win.webContents.openDevTools({mode: 'detach', activate: true});
});
I am getting
VM172:1 Uncaught DOMException: Blocked a frame with origin "file://" from accessing a cross-origin frame.
at \<anonymous\>:1:13
(anonymous) @ VM172:1
How to disable it completely or set it up properly?
a lot (too much). Spent long hours to check different configuration and nothing works
