[英]Need help tracking down a specific website (to identify Spotify account)
I stumbled across a website a while back where it showed the privacy repercussions of logging in to Spotify using the web version.不久前我偶然发现了一个网站,该网站显示了使用 web 版本登录 Spotify 的隐私影响。 I believe it used JavaScript but I can't be too sure.我相信它使用了 JavaScript 但我不能太确定。 Anyway, this unrelated website was able to display my Spotify username despite me not authorizing anything.不管怎样,这个不相关的网站能够显示我的 Spotify 用户名,尽管我没有授权任何东西。 If I remember correctly, it also had slots for other services that I didn't use so it couldn't show my username there.如果我没记错的话,它还有我没有使用的其他服务的插槽,因此它无法在那里显示我的用户名。
But what I'm interested in learning about is how it managed to get my Spotify username.但我感兴趣的是它是如何获取我的 Spotify 用户名的。 Not because I plan to use the method but out of curiosity with how the whole thing works.不是因为我打算使用该方法,而是出于对整个过程如何运作的好奇。 When I found out about that page/site awhile back, it spooked me enough that I started using a different browser profile specifically for Spotify going forward because of it but I never got around to digging deeper into how it actually did what it did.当我不久前发现那个页面/网站时,它吓坏了我,我开始使用一个不同的浏览器配置文件,专门为 Spotify 向前发展,因为它,但我从来没有抽出时间深入挖掘它实际上是如何做的。
Cookies save your an access token
for Spotify account after to success login of Spotify. Cookies 成功登录 Spotify 后,保存您的 Spotify 帐户access token
。
Next time, if open your browser go to下次如果打开浏览器 go 到
https://open.spotify.com/
It's java-script to access from your PC's cookies, call this API with cookies an access token
, get your information.它是从您的 PC 的 cookies 访问的 java 脚本,用 cookies 调用此 API access token
,获取您的信息。
Then display your user name in the web page.然后在web页面显示你的用户名。
https://api.spotify.com/v1/me
If I copy from my Chrome browser the access-token and API URL, Then access by Postman.如果我从我的 Chrome 浏览器复制访问令牌和 API URL,然后通过 Postman 访问。
I can get the my user name.我可以获得我的用户名。
Each browser has own location to save a cookies, if you never login before other browser, will not pick up your information.每个浏览器都有自己的位置保存一个cookies,如果你之前没有登录其他浏览器,将不会提取你的信息。
I did not login before by Firefox. This is screen of login.我之前没有通过Firefox登录。这是登录屏幕。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.