[英]javascript capture and tamper http requests
Is there a way with javascript on a page to tamper http requests done by other scripts (on same page)? 页面上的javascript是否有办法篡改其他脚本(在同一页面上)完成的http请求? The other scripts can be from external domains.
其他脚本可以来自外部域。
Let's say on a page X a script loaded from an external domain performs an http get like GET http://www.example.com?foo=bar
is it possible that a previously loaded script in the same page X can capture this request, and tamper with it so it becomes GET http://www.example.com?foo=qux
? 假设在第X页上,从外部域加载的脚本执行的
GET http://www.example.com?foo=bar
类似于GET http://www.example.com?foo=bar
,那么同一页X中先前加载的脚本是否可以捕获此请求,并对其进行篡改,使其成为GET http://www.example.com?foo=qux
?
In jquery i can achieve this by wrapping the ajax get post methods. 在jquery中,我可以通过包装ajax get post方法来实现。 But is this possible for plain javascript, no frameworks, working across all page and client's http requests?
但这是否适用于纯JavaScript,无框架,跨所有页面和客户端的HTTP请求工作?
It seems to me that for this to be done, the script must be able to override something very deep in the core. 在我看来,要做到这一点,脚本必须能够覆盖内核中非常深的内容。 If i have to guess i would say it's not possible by design and because of security .
如果我不得不猜测,我会说这是设计和安全性所无法实现的 。 What do you think?
你怎么看?
ps no proxies, no external tools. ps没有代理,没有外部工具。
No you can't capture the HTTP request going out of your app, once it has gone out of your app . 不 , 一旦请求退出应用程序,您将无法捕获HTTP请求。
However, there is one work around possible 但是,有一种可能的解决方法
customAjax()
which can alter the parameters of the actual request that will go out. customAjax()
,它可以更改将要发出的实际请求的参数。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.