堆栈内存溢出
  简体   繁体   English

是否可以通过代理嵌入安全的 https 页面或以某种方式抓取内容......?

[英]Is it possible to embed secured https page through proxy or grap the content somehow ...?

 原文  2020-09-18 10:13:55       javascript/ iframe/ https/ proxy/ embed

问题描述

I am trying to embed or get the content of a https website and tried already some ways:我正在尝试嵌入或获取 https 网站的内容,并且已经尝试了一些方法:

  1. Iframe - is forbidden: [Error] Refused to display 'https:// any url ?width=100?data=data' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'. iframe - 被禁止:[错误] 拒绝在框架中显示“https:// any url ?width=100?data=data”,因为它将“X-Frame-Options”设置为“SAMEORIGIN”。

  2. Get the content with tunnel - CONNECT request.使用隧道获取内容 - CONNECT 请求。 Is not allowed.不被允许。

Is there any way, how i can achieve this?有什么办法,我怎么能做到这一点? I have read many old posts, that this is possible, but i think all of them are deprecated.我已经阅读了许多旧帖子,认为这是可能的,但我认为所有这些帖子都已弃用。 Can i proxy the website somehow?我可以以某种方式代理网站吗?

Thanks for your help!谢谢你的帮助!

1 个解决方案

解决方案1
 0  2020-09-19 07:49:09

The browser adheres to the directives stated in headers found on web resources response, for various security reasons (eg, X-Frame-Options header that prevents loading in an iframe).出于各种安全原因(例如,防止在 iframe 中加载的X-Frame-Options标头),浏览器遵循在 Web 资源响应中找到的标头中声明的指令。

Old bypass methods that you might've found for these restrictions, are bound to be prevented eventually as they are considered security holes.您可能已经为这些限制找到的旧绕过方法,最终必然会被阻止,因为它们被认为是安全漏洞。

Notice that these are client-side restrictions.请注意,这些是客户端限制。 I believe that methods that involve a special client or a service that ignores these restricting headers, might be the right path to your problem.我相信涉及忽略这些限制性标头的特殊客户端或服务的方法可能是解决问题的正确途径。 It all depends on what you're trying to achieve (Just showing the secured page content? Allowing the user to interact with the page? User can log-in to the secured website? etc.)这完全取决于您要实现的目标(仅显示受保护的页面内容?允许用户与页面交互?用户可以登录受保护的网站?等)

For example, a web service that fetches a page and serve it to the requesting client without the restricting headers.例如,获取页面并将其提供给请求客户端的 Web 服务,而没有限制标题。

This method isn't bulletproof - You might need to rewrite the resource's URLs in the HTML, deal with cookies, prevent javascript code from detecting if the page is in an iframe, etc.这种方法不是万无一失的——您可能需要在 HTML 中重写资源的 URL、处理 cookie、防止 javascript 代码检测页面是否在 iframe 中等。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过Ajax进行基本身份验证,无需在对话框中输入用户名和密码即可访问使用https保护的页面 - Basic Auth through Ajax for accessing a page secured with https without entering Username and Password in dialog box 在HTTPS安全页面上引用jQuery CDN? - Referencing jQuery CDN on a HTTPS secured page? HTTPS页面上的不安全内容 - Insecure content on HTTPS page 在页面上嵌入HTML内容的脚本 - Script to embed HTML content on page 是否可以通过Ajax更改页面源内容变量 - Is it possible to make changes to a page source content variable through Ajax 如何在对象数组中获取数组的内容 - how to grap the content of an array inside an array of objects 是否可以通过外部脚本覆盖/删除页面内容安全策略? - It is possible to override/remove page Content Security Policy through the external script? 重定向到安全服务器(https) - Redirection to Secured Server (https) 是否可以通过某种方式将日期从RadComboBox传输到另一个RadComboBox(不同页面)? - Is it somehow possible to transfer date from a RadComboBox to another RadComboBox (Different Page)? 如何将 ssrs iframe 内容嵌入到 html 页面中? - How to embed ssrs iframe content into html page?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM