UNPKG

x-frame-bypass/x-frame-bypass.js

Version:

2.58 kBJavaScriptView Raw

1customElements.define('x-frame-bypass', class extends HTMLIFrameElement {
constructor () {
super()
}
connectedCallback () {
this.load(this.src)
this.src = ''
this.sandbox = '' + this.sandbox || 'allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation' // all except allow-top-navigation
}
load (url, options) {
if (!url || !url.startsWith('http'))
	throw new Error(`X-Frame-Bypass src ${url} does not start with http(s)://`)
console.log('X-Frame-Bypass loading:', url)
this.srcdoc = `<html>
15<head>
<style>
.loader {
position: absolute;
top: calc(50% - 25px);
left: calc(50% - 25px);
width: 50px;
height: 50px;
background-color: #333;
border-radius: 50%;  
animation: loader 1s infinite ease-in-out;
}
@keyframes loader {
0% {
transform: scale(0);
}
100% {
transform: scale(1);
opacity: 0;
}
}
</style>
37</head>
38<body>
<div class="loader"></div>
40</body>
41</html>`
this.fetchProxy(url, options, 0).then(res => res.text()).then(data => {
	if (data)
		this.srcdoc = data.replace(/<head([^>]*)>/i, `<head$1>
<base href="${url}">
<script>
// X-Frame-Bypass navigation event handlers
document.addEventListener('click', e => {
if (frameElement && document.activeElement && document.activeElement.href) {
	e.preventDefault()
	frameElement.load(document.activeElement.href)
}
})
document.addEventListener('submit', e => {
if (frameElement && document.activeElement && document.activeElement.form && document.activeElement.form.action) {
	e.preventDefault()
	if (document.activeElement.form.method === 'post')
		frameElement.load(document.activeElement.form.action, {method: 'post', body: new FormData(document.activeElement.form)})
	else
		frameElement.load(document.activeElement.form.action + '?' + new URLSearchParams(new FormData(document.activeElement.form)))
}
})
</script>`)
}).catch(e => console.error('Cannot load X-Frame-Bypass:', e))
}
fetchProxy (url, options, i) {
const proxy = [
	'https://cors.io/?',
	'https://jsonp.afeld.me/?url=',
	'https://cors-anywhere.herokuapp.com/'
]
return fetch(proxy[i] + url, options).then(res => {
	if (!res.ok)
		throw new Error(`${res.status} ${res.statusText}`);
	return res
}).catch(error => {
	if (i === proxy.length - 1)
		throw error
	return this.fetchProxy(url, options, i + 1)
})
}
82}, {extends: 'iframe'})
\No newline at end of file

1	`customElements.define('x-frame-bypass', class extends HTMLIFrameElement {`
2	`constructor () {`
3	`super()`
4	`}`
5	`connectedCallback () {`
6	`this.load(this.src)`
7	`this.src = ''`
8	`this.sandbox = '' + this.sandbox \|\| 'allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox allow-presentation allow-same-origin allow-scripts allow-top-navigation-by-user-activation' // all except allow-top-navigation`
9	`}`
10	`load (url, options) {`
11	`if (!url \|\| !url.startsWith('http'))`
12	throw new Error(`X-Frame-Bypass src ${url} does not start with http(s)://`)
13	`console.log('X-Frame-Bypass loading:', url)`
14	this.srcdoc = `<html>
15	`<head>`
16	`<style>`
17	`.loader {`
18	`position: absolute;`
19	`top: calc(50% - 25px);`
20	`left: calc(50% - 25px);`
21	`width: 50px;`
22	`height: 50px;`
23	`background-color: #333;`
24	`border-radius: 50%;`
25	`animation: loader 1s infinite ease-in-out;`
26	`}`
27	`@keyframes loader {`
28	`0% {`
29	`transform: scale(0);`
30	`}`
31	`100% {`
32	`transform: scale(1);`
33	`opacity: 0;`
34	`}`
35	`}`
36	`</style>`
37	`</head>`
38	`<body>`
39	`<div class="loader"></div>`
40	`</body>`
41	</html>`
42	`this.fetchProxy(url, options, 0).then(res => res.text()).then(data => {`
43	`if (data)`
44	this.srcdoc = data.replace(/<head([^>]*)>/i, `<head$1>
45	`<base href="${url}">`
46	`<script>`
47	`// X-Frame-Bypass navigation event handlers`
48	`document.addEventListener('click', e => {`
49	`if (frameElement && document.activeElement && document.activeElement.href) {`
50	`e.preventDefault()`
51	`frameElement.load(document.activeElement.href)`
52	`}`
53	`})`
54	`document.addEventListener('submit', e => {`
55	`if (frameElement && document.activeElement && document.activeElement.form && document.activeElement.form.action) {`
56	`e.preventDefault()`
57	`if (document.activeElement.form.method === 'post')`
58	`frameElement.load(document.activeElement.form.action, {method: 'post', body: new FormData(document.activeElement.form)})`
59	`else`
60	`frameElement.load(document.activeElement.form.action + '?' + new URLSearchParams(new FormData(document.activeElement.form)))`
61	`}`
62	`})`
63	</script>`)
64	`}).catch(e => console.error('Cannot load X-Frame-Bypass:', e))`
65	`}`
66	`fetchProxy (url, options, i) {`
67	`const proxy = [`
68	`'https://cors.io/?',`
69	`'https://jsonp.afeld.me/?url=',`
70	`'https://cors-anywhere.herokuapp.com/'`
71	`]`
72	`return fetch(proxy[i] + url, options).then(res => {`
73	`if (!res.ok)`
74	throw new Error(`${res.status} ${res.statusText}`);
75	`return res`
76	`}).catch(error => {`
77	`if (i === proxy.length - 1)`
78	`throw error`
79	`return this.fetchProxy(url, options, i + 1)`
80	`})`
81	`}`
82	`}, {extends: 'iframe'})`
\	No newline at end of file