插件简介
Intercept and modify or delete websites' security headers
Modify or delete websites' security headers on the fly.
• If you want to load a website in an iframe, and that website uses "X-Frame-Options: SAMEORIGIN", Chrome will refuse to show the website. Use the "Delete X-Frame-Options header" option to have Chrome ignore that restriction.
• If you want to call a foreign AJAX endpoint from a website that has "Content-Security-Policy: ..." set to disallow wildcard script-src, use the "Delete Content-Security-Policy header" to allow running any script on that page.
• If you want to call out to an API endpoint that doesn't specify itself as CORS-friendly, enable the "Add Access-Control-Allow-Origin: * header" and "Add Access-Control-Allow-Methods: * header" options.
Each restriction can be disabled or enabled individually, and a list of checkboxes on the configuration page clearly indicates which restrictions are disabled.
Source code: https://github.com/chbrown/chrome-unxss
其他信息
ID cbjmpjkhiafmdnjnigdbelcnbihgpmge
版本 0.0.4 上次更新日期 2015年1月10日 大小 234KiB 语言 支持1
种语言 适用浏览器
谷歌浏览器、其他Chromium内核的浏览器
