From d0b5c34a9902c36374bf61ccc9394601f68c7898 Mon Sep 17 00:00:00 2001
From: ThomazPom
Date: Sun, 28 Jul 2019 14:56:41 +0200
Subject: [PATCH] 1.5 : Added parent domain whitelist
---
background.js | 88 +++++++++++++++++------------------
manifest.json | 2 +-
popup.html | 126 ++++++--------------------------------------------
popup.js | 22 ++++++---
readme.md | 1 +
5 files changed, 77 insertions(+), 162 deletions(-)
diff --git a/background.js b/background.js
index 7ce809a..908011d 100644
--- a/background.js
+++ b/background.js
@@ -1,56 +1,56 @@ var defaultRgx = ["http://*/*", "https://*/*"].join('\n') -var regexpesarray = []; -function updateRegexpes(save) -{ - browser.storage.local.get("regstr", function(res) { - var regstr = (res.regstr || defaultRgx); - - regexpesarray = []; - var regexpesarray = regstr.split("\n") - console.log(regexpesarray) +var defaultRgx_fancestor = ["http://*", "https://*"].join('\n') - browser.webRequest.onHeadersReceived.removeListener(setHeader) - browser.webRequest.onHeadersReceived.addListener(setHeader, - {urls : regexpesarray}, - ["blocking", "responseHeaders"] - ); - }); +function updateRegexpes() +{ + browser.storage.local.get("regstr_fancestor", function(res) { + regstr_fancestor = (res.regstr_fancestor || defaultRgx_fancestor).split("\n").join(" "); + }); + browser.storage.local.get("regstr", function(res) { + var regstr = (res.regstr || defaultRgx); + var regexpesarray = regstr.split("\n"); + browser.webRequest.onHeadersReceived.removeListener(setHeader) + browser.webRequest.onHeadersReceived.addListener( + setHeader, + {urls : regexpesarray}, + ["blocking", "responseHeaders"] + ); + }); } function setHeader(e) { - for (var header of e.responseHeaders) { - if (header.name.toLowerCase() === "x-frame-options") { - header.value = "ALLOW"; - } - else if(header.name.toLowerCase() === "content-security-policy") - { - header.value = header.value.replace(/frame-ancestors[^;]*;?/, "frame-ancestors http://* https://*;") - } - } - var myHeader = { - name: "x-frame-options", - value: "ALLOW" - }; - e.responseHeaders.push(myHeader); - return {responseHeaders: e.responseHeaders}; + var headersdelete = ["x-frame-options","content-security-policy"] + e.responseHeaders= e.responseHeaders.filter(x=>!headersdelete.includes(x.name.toLowerCase())) + e.responseHeaders.push({ + name: "x-frame-options", + value: "ALLOW" + }); + e.responseHeaders.push({ + name: "content-security-policy", + value: "frame-ancestors "+regstr_fancestor+";" + }); + return {responseHeaders: 
e.responseHeaders}; } // Listen for onHeaderReceived for the target page. // Set "blocking" and "responseHeaders". updateRegexpes(); -console.log("Loaded") var portFromCS; function connected(p) { - portFromCS = p; - //portFromCS.postMessage({greeting: "hi there content script!"}); - portFromCS.onMessage.addListener(function(m) { - if(m.updateRegexpes) - { - - browser.storage.local.set({"regstr":m.updateRegexpes}, function(res) { - updateRegexpes(); - }); - - - } -}); + portFromCS = p; + portFromCS.onMessage.addListener(function(m) { + if(m.updateRegexpes) + { + browser.storage.local.set( + { + "regstr":m.updateRegexpes, + }, + ()=>{ + browser.storage.local.set( + { + "regstr_fancestor":m.updateRegexpes_fancestor + },updateRegexpes); + } + ); + } + }); } browser.runtime.onConnect.addListener(connected); diff --git a/manifest.json b/manifest.json index a34f5ec..fde9fe2 100644 --- a/manifest.json +++ b/manifest.json @@ -1,7 +1,7 @@ { "manifest_version": 2, "name": "Ignore X-Frame-Options", - "version": "1.4.1", + "version": "1.5", "description": "Allows all sites to be loaded in iframes, despite X-Frame-Options header settings.", "homepage_url": "https://github.com/ThomazPom/Moz-Ext-Ignore-X-Frame-Options", "icons": { diff --git a/popup.html b/popup.html index ba5267b..bad3fcb 100644 --- a/popup.html +++ b/popup.html 
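Review bot: In background.js, setHeader now filters out every `content-security-policy` response header and pushes one that holds only `frame-ancestors`, so each matched response (by default all http/https URLs) loses the site's other directives such as script-src or default-src; the removed code rewrote only the frame-ancestors directive. Keeping the site's header and swapping just that directive, and adding a frame-ancestors-only header when the response had none, preserves the page's script-injection defences while still applying the parent whitelist. Separately, `regstr_fancestor` is never declared and is first assigned inside the storage callback, so a response handled before that callback runs would hit an undefined name in setHeader; the fence initialises it from `defaultRgx_fancestor` at top level. The split on `;` assumes one policy per header value, so confirm that against comma-joined policies.

```javascript
var regstr_fancestor = defaultRgx_fancestor.split("\n").join(" ");

function setHeader(e) {
    var headersdelete = ["x-frame-options"]
    // … unchanged: filter on headersdelete and push of the x-frame-options replacement …
    var hadCsp = false;
    for (var header of e.responseHeaders) {
        if (header.name.toLowerCase() !== "content-security-policy") continue;
        hadCsp = true;
        // Swap only frame-ancestors; every other directive stays as the site sent it.
        header.value = header.value
            .split(";")
            .filter(d => d.trim() && !/^frame-ancestors(\s|$)/i.test(d.trim()))
            .concat("frame-ancestors " + regstr_fancestor)
            .join(";");
    }
    if (!hadCsp) {
        e.responseHeaders.push({
            name: "content-security-policy",
            value: "frame-ancestors " + regstr_fancestor + ";"
        });
    }
    return {responseHeaders: e.responseHeaders};
}
```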
@@ -15,87 +15,7 @@ } -html, -body, -div, -span, -applet, -object, -iframe, -h1, -h2, -h3, -h4, -h5, -h6, -p, -blockquote, -pre, -a, -abbr, -acronym, -address, -big, -cite, -code, -del, -dfn, -em, -img, -ins, -kbd, -q, -s, -samp, -small, -strike, -strong, -sub, -sup, -tt, -var, -b, -u, -i, -center, -dl, -dt, -dd, -ol, -ul, -li, -fieldset, -form, -label, -legend, -table, -caption, -tbody, -tfoot, -thead, -tr, -th, -td, -article, -aside, -canvas, -details, -embed, -figure, -figcaption, -footer, -header, -hgroup, -menu, -nav, -output, -ruby, -section, -summary, -time, -mark, -audio, -video { +html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; @@ -104,17 +24,7 @@ vertical-align: baseline; } -article, -aside, -details, -figcaption, -figure, -footer, -header, -hgroup, -menu, -nav, -section { +article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; } @@ -122,20 +32,15 @@ line-height: 1; } -ol, -ul { +ol, ul { list-style: none; } -blockquote, -q { +blockquote, q { quotes: none; } -blockquote:before, -blockquote:after, -q:before, -q:after { +blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; } @@ -145,8 +50,7 @@ border-spacing: 0; } -body, -html { +body, html { height: 100%; } @@ -200,8 +104,7 @@ text-shadow: 0px 1px 1px #888; } -.btn span.icon, -.btn span.title { +.btn span.icon, .btn span.title { display: block; position: relative; line-height: 50px; 
@@ -240,8 +143,7 @@ background-color: #00cdae; } -.btn span.arrow-left, -.btn span.arrow-right { +.btn span.arrow-left, .btn span.arrow-right { position: absolute; width: 0; height: 0; @@ -281,8 +183,7 @@ border-left: 10px solid #00cdae; } -.btn span.slant-left, -.btn span.slant-right { +.btn span.slant-left, .btn span.slant-right { position: absolute; width: 0; height: 0; @@ -322,8 +223,7 @@ border-right: 10px solid #00967f; } -.btn:active, -.btn.active { +.btn:active, .btn.active { height: 51px; } @@ -359,7 +259,7 @@ text-align: center; display: block; } -.listextarea +.listextarea, .listextarea_fancestor { width: 85%; margin-left: 5%; @@ -396,6 +296,10 @@

+
+ Websites allowed to frame them + +
diff --git a/popup.js b/popup.js index 68e6c6f..576b4f8 100644 --- a/popup.js +++ b/popup.js @@ -1,18 +1,28 @@ -// content-script.js var defaultRgx = ["http://*/*", "https://*/*"].join('\n') +var defaultRgx_fancestor = ["http://*", "https://*"].join('\n') + var myPort = browser.runtime.connect({name:"port-from-cs"}); -myPort.onMessage.addListener(function(m) { - document.querySelector("#warning").innerText=m.message + + +browser.storage.local.get("regstr_fancestor", function(res) { + var regstr_fancestor = (res.regstr_fancestor || defaultRgx_fancestor); + document.querySelector(".listextarea_fancestor").value=regstr_fancestor; }); browser.storage.local.get("regstr", function(res) { - regstr = (res.regstr || defaultRgx); + var regstr = (res.regstr || defaultRgx); document.querySelector(".listextarea").value=regstr; }); window.onload= function() { txarea = document.querySelector(".listextarea"); - txarea.onkeyup = txarea.onchange = function(){ + txarea_fancestor = document.querySelector(".listextarea_fancestor"); + txarea.onkeyup = txarea.onchange = txarea_fancestor.onkeyup = txarea_fancestor.onchange + = function(){ regstr = txarea.value.trim() - myPort.postMessage({updateRegexpes: regstr}); + regstr_fancestor = txarea_fancestor.value.trim() + myPort.postMessage({ + updateRegexpes: regstr, + updateRegexpes_fancestor:regstr_fancestor + }); } } \ No newline at end of file diff --git a/readme.md b/readme.md index 041689d..87b96f5 100644 --- a/readme.md +++ b/readme.md @@ -11,6 +11,7 @@ The extension allows you to load remote content in iframes even if the server di - 1.2 : [Added regexp based whitelist](https://github.com/ThomazPom/Moz-Ext-Ignore-X-Frame-Options/issues/1) - 1.3 : Minor fixes - 1.4 : Added frame-ancestor support +- 1.5 : Added parent domain whitelist (https://github.com/ThomazPom/Moz-Ext-Ignore-X-Frame-Options/issues/4) # Downloads - [Download with firefox](https://addons.mozilla.org/fr/firefox/addon/ignore-x-frame-options-header/)
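Review bot: In popup.js the `.listextarea_fancestor` text is posted after only `trim()`, and background.js concatenates it into the `frame-ancestors` header value, so an entry containing `;` or `,` changes the structure of the policy rather than adding a source. Filtering per line before posting would avoid that, e.g. `regstr_fancestor = txarea_fancestor.value.split("\n").map(s => s.trim()).filter(s => s && !/[;,\s]/.test(s)).join("\n")`. An emptied box is stored as `""` and the `|| defaultRgx_fancestor` fallback turns it back into `http://*` / `https://*`, which is worth stating in the popup label if intended. `txarea_fancestor` and `regstr_fancestor` are also assigned without `var` inside `window.onload`, making them implicit globals.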