简体繁体 English

以前可以通过 Javascript 访问 HTTP 请求

[英]Are previously made HTTP Requests accessible via Javascript

原文 2021-07-26 03:14:22 8 1 javascript/ http/ security/ browser/ xss

Are the responses/payloads of previously made HTTP requests accessible programmatically via Javascript?之前发出的 HTTP 请求的响应/有效负载是否可以通过 Javascript 以编程方式访问？

I'd like know, if in the same way hackers can use XSS to access cookies/localStorage stores in the browser, can they access data from previously made HTTP requests (since the browser DevTools has the previous requests listed and visible in the network tab).我想知道，如果黑客可以以同样的方式使用 XSS 访问浏览器中的 cookie/localStorage 存储，他们是否可以访问来自先前发出的 HTTP 请求的数据（因为浏览器 DevTools 列出了先前的请求并在网络选项卡中可见））。

1 个解决方案

They are only accessible if code runs before or during the request that programatically saves the response.只有在以编程方式保存响应的请求之前或期间运行代码时，它们才可访问。 For example, one could overwrite window.fetch and save (but pass through) all requests and responses, or do the same for XMLHttpRequest, or save the result of a request normally inside a .then or in an onload handler.例如，可以覆盖window.fetch并保存（但传递）所有请求和响应，或者对 XMLHttpRequest 执行相同操作，或者将请求的结果通常保存在.then或onload处理程序中。

Devtools does have access to prior requests, but devtools has access to many things that can't be done via JavaScript - this is one of them. Devtools 确实可以访问先前的请求，但是 devtools 可以访问许多无法通过 JavaScript 完成的事情——这就是其中之一。

通过指令的多个AngularJS $ http请求阻止了其他JavaScript方法 - Multiple AngularJS $http requests via directive are blocking other JavaScript methods

禁用JavaScript的用户可以访问GWT吗？ - Can GWT be made accessible for users with JavaScript disabled?

用于 HTTP 请求的可移植 JavaScript - Portable JavaScript for HTTP requests

使用JavaScript响应HTTP请求 - Reactive http requests in JavaScript

处理 JavaScript 中的 HTTP 请求 - Handling HTTP Requests in JavaScript

使用Javascript捕获HTTP请求 - Capture HTTP requests with Javascript

您可以在 Javascript 中使用 querySelector 到 select 以前选择的子集吗？ - Can you use querySelector in Javascript to select a subset of a previously made selection?

有没有办法拦截通过JavaScript通过Flash对象发出的Ajax http请求的响应？ - Is there a way to intercept the response of an ajax http request made by a flash object via javascript?

Mod_proxy服务器流，用于通过托管的JavaScript应用发出HTTP请求 - Mod_proxy server flow for making HTTP requests via a hosted javascript app

javascript捕获和篡改http请求 - javascript capture and tamper http requests

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 通过指令的多个AngularJS $ http请求阻止了其他JavaScript方法 - Multiple AngularJS $http requests via directive are blocking other JavaScript methods 禁用JavaScript的用户可以访问GWT吗？ - Can GWT be made accessible for users with JavaScript disabled? 用于 HTTP 请求的可移植 JavaScript - Portable JavaScript for HTTP requests 使用JavaScript响应HTTP请求 - Reactive http requests in JavaScript 处理 JavaScript 中的 HTTP 请求 - Handling HTTP Requests in JavaScript 使用Javascript捕获HTTP请求 - Capture HTTP requests with Javascript 您可以在 Javascript 中使用 querySelector 到 select 以前选择的子集吗？ - Can you use querySelector in Javascript to select a subset of a previously made selection? 有没有办法拦截通过JavaScript通过Flash对象发出的Ajax http请求的响应？ - Is there a way to intercept the response of an ajax http request made by a flash object via javascript? Mod_proxy服务器流，用于通过托管的JavaScript应用发出HTTP请求 - Mod_proxy server flow for making HTTP requests via a hosted javascript app javascript捕获和篡改http请求 - javascript capture and tamper http requests

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM