[英]JavaScript HTTP Request Not in Incognito Mode
I'm new to web development and am trying to build a small webpage that'll attempt to detect if anyone's currently logged into Instagram on that browser.我是 web 开发的新手,我正在尝试构建一个小型网页,该网页将尝试检测当前是否有人在该浏览器上登录 Instagram。 If I run my code command-by-command in Chrome's console and manually copy-paste the HTML, it works perfectly.如果我在 Chrome 的控制台中逐个命令运行我的代码并手动复制粘贴 HTML,它可以完美运行。 But when I try to run my code separately, it seems to run as if it was in Incognito mode.但是当我尝试单独运行我的代码时,它似乎就像在隐身模式下一样运行。
How would one get around this?如何解决这个问题? If the user needs to grant my page permission to access Instagram, how would I do that?如果用户需要授予我的页面访问 Instagram 的权限,我该怎么做?
Here's the JS part of my code:这是我的代码的 JS 部分:
const USERNAME_REGEX = /"viewer"\:{.*"full_name"\:"([^"]+)"/gm;
const FULLNAME = 'full_name\":\"';
document.addEventListener('DOMContentLoaded', () => {
const request = new XMLHttpRequest();
request.open('GET', 'https://instagram.com');
request.send();
request.onload = () => {
const data = request.responseText;
var u = data.match(USERNAME_REGEX);
if (u != null) {
u = u[0];
u = u.substring(u.indexOf(FULLNAME) + FULLNAME.length).slice(0, -1);
document.querySelector('#info').innerHTML = u;
}
else {
document.querySelector('#info').innerHTML = 'no one is logged in!';
}
}
});
Thank you:) have a wonderful day!谢谢:)祝您有美好的一天!
I'm new to web development and am trying to build a small webpage that'll attempt to detect if anyone's currently logged into Instagram on that browser.我是 web 开发的新手,我正在尝试构建一个小型网页,该网页将尝试检测当前是否有人在该浏览器上登录 Instagram。
That sounds like a security and privacy nightmare, which fortunately for everyone (you included) isn't possible.这听起来像是一场安全和隐私的噩梦,幸运的是,这对每个人(包括你在内)来说都是不可能的。 (Or at least, it shouldn't be...) (或者至少,它不应该是……)
If I run my code command-by-command in Chrome's console and manually copy-paste the HTML, it works perfectly.如果我在 Chrome 的控制台中逐个命令运行我的代码并手动复制粘贴 HTML,它可以完美运行。
Totally different context.完全不同的语境。 You'll find, in fact, that if you run this code in a console that isn't on Instagram.com, it won't work.实际上,您会发现,如果您在不在 Instagram.com 上的控制台中运行此代码,它将无法正常工作。
Same-origin policy will prevent you from accessing another domain. 同源策略将阻止您访问另一个域。 What you're attempting is a classic cross-origin attack that isn't going to work.您正在尝试的是一种经典的跨域攻击,它不会起作用。 CORS would get around this, but Instagram surely isn't going to enable you access. CORS 可以解决这个问题,但 Instagram 肯定不会让您访问。
How would one get around this?如何解决这个问题?
You don't.你没有。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.