Getting the WebContents of an <iframe>

[0xENDER]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a feature request that matches the one I want to file, without success.

Problem Description

I've once opened an issue about how the functionality of disable-x-frame-options in <iframe>-s should get restored. (#26258)
It didn't catch any attention. Anyway, I've found a solution to my problem:

win.webContents.session.webRequest.onHeadersReceived((details, callback) => {
    callback({ responseHeaders: Object.fromEntries(Object.entries(details.responseHeaders).filter(header => !/x-frame-options/i.test(header[0]))) });
});

But using this solution means that all <iframe>-s within my app will have x-frame-options disabled.
And, seeing that I can't use <webview>-s inside of <webview>-s (#1130), there isn't any other solution that I can use.

Proposed Solution

It'd be a good solution to be able to get the webContents of <iframe>-s. This way, the developer would have some decent control over <iframe>-s. Thus, there would be no need to reintroduce the functionality of disable-x-frame-options. And developers would have a good alternative to <webview>-s inside of <webview>-s.

Alternatives Considered

An alternative to introducing this feature would be restoring the functionality of disable-x-frame-options in <iframe>-s (#26258), and fixing <webview>-s inside of <webview>-s. (#1130)

Additional Information

Introducing this feature, instead of the alternatives, would be a much greater solution. So please consider doing so. Thank you!

[nornagon]

You can do this by catching the web-contents-created event.

It might be nice to add a link to the new webFrameMain API too. cc @samuelmaddock @miniak.

[0xENDER]

@nornagon, the web-contents-created event is pretty useful. But is there a way to know what iframe does the generated webContents belong to?

Edit: I tried to use this event, but it's not detecting <iframe>-s' WebContents.

app.on('web-contents-created', function(event, webContents) {
    console.log("[START] New WebContents!");
    console.log(event);
    console.log(webContents);
    console.log("[END] New WebContents!");
});

[MarshallOfSound]

@adel-sbeh not all iframe's get webContents. You can use the new webFrameMain API to find the webFrame for the iframe.

[0xENDER]

How can I access the new webFrameMain API?

[0xENDER]

There is no documentation for this API. (https://www.electronjs.org/docs/api/web-frame-main)

[0xENDER]

#25464 I see that this is a beta feature.

[Jelmerro]

You can also do something like this:

• In the renderer, get the id of the webview: webview.getWebviewContentsId()
• Send it to main and execute: webContents.fromId(id).mainFrame.frames to get an array of subframes (including iframes) for a webview

I also want to mention that there is a related ticket to get control over iframes in webviews, which proposes a way to run preload scripts inside these iframes. Currently this is not possible, even though the docs state otherwise, so be aware of that.

[0xENDER]

@Jelmerro, this only works with <webview>-s.

[samuelmaddock]

@adel-sbeh have you had a chance to see the updated documentation for the WebFrameMain API?
https://www.electronjs.org/docs/api/web-frame-main
https://www.electronjs.org/docs/api/web-contents#contentsmainframe-readonly

Do you believe its functionality is sufficient for solving your problem?

[nikitakot]

Is it somehow possible to change the url of an iframe which did the request from session.webRequest.onHeadersReceived callback? Since iframes do not have a separate webContents assigned and WebFrameMain do not have any API for changing the url I assume it's not possible...but maybe there is a workaround? Thanks. @MarshallOfSound @nornagon

[george-thomas-hill]

Bump.