Google Chrome, Same-Origin Policy killing Tampermonkey script

I have a script done by myself that uses jQuery Ajax functions to log some data from a web page when I access it. It takes some info and sends it to my local Apache host to save in a text file.

It worked for months, but I am now getting an error related to this Same-Origin Policy (I know how it works and its purpose) and the browser is now ending the script execution, showing this message:

The page at https://www.website.com/ displayed insecure content from
http://127.0.0.1:8081/whatever.php

Followed by this:

Refused to connect to connect 'http://127.0.0.1:8081/whatever.php?arguments=1' because it 
violates the following Content Security Policy directive: "connect-src
https://www.website.com/* https://*.website.com/
https://*.website.net xhr: error: SECURITY_ERR: DOM Exception 18 

That last domain is colored in red on the error message. A curious detail is that in the JavaScript code on Tampermonkey I have the @includes of those domains but not the red-marked domain. I've added it and tested, but it didn't work.

Every discussion I've found on Google tells how to disable this policy, but in the case that you're developing an extension; that is not my case.

This code will just run on my machine. I didn't have the intention to distribute it in any way, so any solution will be appreciated, even if the solution is to change browser configuration directly.

If this is useful, I'm using Windows 7.

Tampermonkey Beta fixed its GM_xmlHttpRequest to be independent from the page's CSP.
Unfortunately it cannot fix jQuery AJAX requests because it doesn't have a clue what sites are going to be contacted.

If the page you're contacting is Facebook, then the CSP is sent only to Chrome 21-23, but not Chrome 24. So you can use Tampermonkey's @user-agent tag to simulate Chrome 24.

On your local server, in the whatever.php that you send the data to, set up CORS (i.e. send the header Access-Control-Allow-Origin: *).

You do not need anything from above. All you have to do in your ajax call is to add

script.php?callback=?&your_parameters_here

and in the PHP file you just have to add this when retrieving data:

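$cb = preg_replace('/[^A-Za-z0-9_]/', '', $_GET['callback']); // keep identifier characters only, so the echoed name cannot carry markup
echo $cb . '(' . json_encode($your_data_here) . ');';          // JSONP response has the form callback(data);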

That's all!
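The GM_xmlHttpRequest answer above, worked through as an added example (not code from the original posts): the userscript sends its log line through the extension's request function, which that answer describes as independent of the page's CSP, instead of through jQuery inside the page. Tampermonkey documents the function as `GM_xmlhttpRequest`; the `@match` pattern, the field names and the helpers `buildLogUrl` and `sendLog` are assumptions made for illustration, and `@connect` limits the script to the one local host it needs.

```javascript
// ==UserScript==
// @name     Page data logger (constructed example)
// @match    https://www.website.com/*
// @grant    GM_xmlhttpRequest
// @connect  127.0.0.1
// ==/UserScript==

// Local logging endpoint taken from the question.
const LOG_ENDPOINT = 'http://127.0.0.1:8081/whatever.php';

// Build the request URL; URLSearchParams percent-encodes every value,
// so page-derived text cannot alter the query structure.
function buildLogUrl(fields) {
  const url = new URL(LOG_ENDPOINT);
  for (const [key, value] of Object.entries(fields)) {
    url.searchParams.set(key, String(value));
  }
  return url.href;
}

// Hypothetical helper: wraps the extension request function in a Promise.
// gmXhr is passed in so the logic can also be exercised outside the browser.
function sendLog(gmXhr, fields, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    gmXhr({
      method: 'GET',
      url: buildLogUrl(fields),
      timeout: timeoutMs,
      onload: (res) => (res.status >= 200 && res.status < 300
        ? resolve(res.status)
        : reject(new Error('logger returned HTTP ' + res.status))),
      onerror: () => reject(new Error('request failed')),
      ontimeout: () => reject(new Error('request timed out')),
    });
  });
}

// Runs only inside Tampermonkey, where GM_xmlhttpRequest is defined.
if (typeof GM_xmlhttpRequest === 'function') {
  sendLog(GM_xmlhttpRequest, { arguments: 1, title: document.title })
    .catch((err) => console.warn('[logger]', err.message));
}
```

With this approach the page's `connect-src` policy and the browser's other protections stay enabled; only the userscript gains access, and only to 127.0.0.1.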
