NWJS - "Refused to display ... in a frame" error

Question

I am attempting to display a webpage from a device on my local network in an iframe. However I get:

"Refused to display 'http://192.168.1.252/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.", source: chrome-error://chromewebdata/ (1)

I have followed the documentation regarding setting up node frames https://docs.nwjs.io/en/latest/For%20Users/Advanced/Security%20in%20NW.js/

My manifest file:

{
  "name": "AppApp",
  "description": "AppApp",
  "version": "0.0.1",
  "icon": "icons/app.icns",
  "main": "html/main.html",
  "chromium-args": "--enable-logging=stderr --enable-spell-checking",
  "window": {
    "toolbar": false,
    "width": 800,
    "height": 500
  },
  "nodejs": true,
  "node-remote": "*://*"
}

iframe HTML:

<iframe src="http://192.168.1.252/"></iframe>

Is there more that I need to do to bypass the same origin policy?

Answer 1

This is a bug, and a workaround is provided here:

https://github.com/nwjs/nw.js/issues/7049

"The X-Frame-Options workaround should be used in an iframe with the nwfaketop property."

According to the bug, if X-Frame-Options: Deny there isn't a problem, it is only if X-Frame-Options: sameorigin when the problem exists, and the nwfaketop workaround must be used.

(Note, I observed that using --disable-web-security in chromium-args caused the page to not load properly, so I removed it.)