I have a script done by myself that uses jQuery Ajax functions to log some data from a web page when I access it. It takes some info and sends it to my local Apache host to save in a text file.
It worked for months, but I now getting an error related with this Same-Origin Policy(I know how it works and its purpose) and the browser is now ending the script execution showing this message:
The page at / displayed insecure content from
http://127.0.0.1:8081/whatever.php
Followed by this:
Refused to connect to connect 'http://127.0.0.1:8081/whatever.php?arguments=1' because it
violates the following Content Security Policy directive: "connect-src
/* https://*.website/
https://*.website xhr: error: SECURITY_ERR: DOM Exception 18
That last domain is colored in red on the error message. A curious detail is that on the JavaScript code on Tampermonkey I have the @includes of those domains but not the red marked domain. I've added it and tested, but didn't work.
Every discussion I've found on Google tells how to disable this policy but in case that you're developing an extension, that is not my case.
This code will just run in my machine, I didn't have the intention to distribute it in any way so any solution will be appreciated, even if the solution is to change browser configuration directly.
If this' useful, I'm using Windows 7.
I have a script done by myself that uses jQuery Ajax functions to log some data from a web page when I access it. It takes some info and sends it to my local Apache host to save in a text file.
It worked for months, but I now getting an error related with this Same-Origin Policy(I know how it works and its purpose) and the browser is now ending the script execution showing this message:
The page at https://www.website./ displayed insecure content from
http://127.0.0.1:8081/whatever.php
Followed by this:
Refused to connect to connect 'http://127.0.0.1:8081/whatever.php?arguments=1' because it
violates the following Content Security Policy directive: "connect-src
https://www.website./* https://*.website./
https://*.website xhr: error: SECURITY_ERR: DOM Exception 18
That last domain is colored in red on the error message. A curious detail is that on the JavaScript code on Tampermonkey I have the @includes of those domains but not the red marked domain. I've added it and tested, but didn't work.
Every discussion I've found on Google tells how to disable this policy but in case that you're developing an extension, that is not my case.
This code will just run in my machine, I didn't have the intention to distribute it in any way so any solution will be appreciated, even if the solution is to change browser configuration directly.
If this' useful, I'm using Windows 7.
Share Improve this question edited Nov 21, 2012 at 1:40 Brock Adams 93.7k23 gold badges241 silver badges305 bronze badges asked Nov 21, 2012 at 1:27 DontVoteMeDownDontVoteMeDown 21.5k10 gold badges72 silver badges113 bronze badges3 Answers
Reset to default 6Tampermonkey Beta fixed its GM_xmlHttpRequest to be independent from the page's CSP.
Unfortunately it can not fix jQuery AJAX requests cause it doesn't have a clue what sites are going to be contacted.
If the page you're contacting is Facebook, then the CSP is sent only to Chrome 21-23, but not Chrome 24. So you can use Tampermonkey's @user-agent tag to simulate Chrome 24.
On your local server, the whatever.php you're sending the data to, set up CORS (ie. send header Access-Control-Allow-Origin: *).
You do not need anything from above. All you have to do in your ajax call is to add
script.php?callback=?&your_parametars_here
and in php file you just have to add this when retrieving data:
echo $_GET['callback'].$your_data_here
thats all!
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744303766a4567628.html
评论列表(0条)