我使用建议的“app init”创建了一个简单的应用程序,然后我删除了预编译的ReactApp。该应用程序中有一个浏览器,它使用IFrame来托管导航的页面,但在某些页面中,它会发出以下错误:
拒绝在框架中显示'https://www.theverge.com/',因为它将'X-Frame-Options'设置为'sameorigin'。“,来源:http://localhost:5000/#/
https://content-security-policy.com/
上面的页面有一系列方法可以避免这种情况,并且Chromium有一个标志可以帮助,它会禁用安全性,并且在其他帖子和问题中提出的许多建议可能有助于解决此问题。
除此之外,还有可能编写一个可以解决这个问题的反向代理。
无论哪种方式,我需要知道的是,如果有办法通过“app”工具中的参数实现这一点,例如:
app --unsecure
app publish --unsecure
app publish-exe --unsecure
谢谢
我尝试了许多不同的选项,包括使用Custom .NET Core Desktop Apps添加了曾经工作的disable-web-security
开关:
static int Main(string[] args)
{
var host = new WebHostBuilder()
.UseKestrel()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.UseUrls("http://localhost:5000/")
.Build();
host.StartAsync();
var config = new CefConfig(Debug)
{
Args = args,
StartUrl = startUrl,
HideConsoleWindow = false,
OnBeforeCommandLineProcessing = (processType, commandLine) => {
commandLine.AppendSwitch("disable-web-security");
}
};
return CefPlatformWindows.Start(config);
}
但现在不再出现这种安全限制现在嵌入Blink内部。
我可以使用的唯一解决方案是使用一个代理来调用代理下游URL但忽略X-Frame-Options
头的内部.NET Core服务器。
这很容易使用ServiceStack的Proxy Feature,你可以在https://www.theverge.com上注册一个代理,用qzzxswpoi标头去除:
X-Frame-Options
这将允许您将The Verge嵌入您的应用程序中:
Plugins.Add(new ProxyFeature(
matchingRequests: req => req.PathInfo.StartsWith("/theverge"),
resolveUrl: req => $"https://www.theverge.com" + req.RawUrl.Replace("/theverge", "/")) {
IgnoreResponseHeaders = {
"X-Frame-Options"
}
});
这将按照预期在iframe中呈现TheVerge:
<iframe src="/theverge" style="width:100%; height:800px;" frameborder="0"></iframe>
Startup.cs
public class Startup
{
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseServiceStack(new AppHost());
app.Run(context =>
{
context.Response.Redirect("/metadata");
return Task.FromResult(0);
});
}
}
public class AppHost : AppHostBase
{
public AppHost() : base("MyApp", typeof(MyServices).Assembly) { }
public override void Configure(Container container)
{
Plugins.Add(new SharpPagesFeature());
Plugins.Add(new ProxyFeature(
matchingRequests: req => req.PathInfo.StartsWith("/theverge"),
resolveUrl: req => "https://www.theverge.com" +
req.RawUrl.Replace("/theverge", "/")) {
IgnoreResponseHeaders = {
"X-Frame-Options"
}
});
}
}
[Route("/hello")]
public class Hello : IReturn<HelloResponse>
{
public string Name { get; set; }
}
public class HelloResponse
{
public string Result { get; set; }
}
public class MyServices : Service
{
public object Any(Hello request) =>
new HelloResponse { Result = $"Hello, {request.Name}!" };
}
ServiceStack.CefGlue.Win64.AspNetCore.csproj
您还需要从<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.*" />
<PackageReference Include="ServiceStack.CefGlue.Win64" Version="5.*" />
<PackageReference Include="ServiceStack" Version="5.*" />
<PackageReference Include="ServiceStack.CefGlue" Version="5.*" />
<PackageReference Include="ServiceStack.CefGlue.Win64" Version="5.*" />
<PackageReference Include="WinApi" Version="4.0.0" />
NuGet包中复制CEF二进制文件:
ServiceStack.CefGlue.Win64
<ItemGroup>
<Content Include="locales\*.*">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="swiftshader\*.*">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.pak">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.lib">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.dat">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.dll">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.bin">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
<Content Include="*.exe">
<CopyToOutputDirectory>Always</CopyToOutputDirectory>
</Content>
</ItemGroup>
<Target Name="CopyLinkedContentFiles" BeforeTargets="Build">
<Copy SourceFiles="%(Content.Identity)"
DestinationFiles="$(OutputPath)\%(Content.Link)"
SkipUnchangedFiles="true"
OverwriteReadOnlyFiles="true" />
</Target>
index.html