0
我試圖連接到我的ISP調制解調器來獲取一些隱藏的數據,所以我創建了一個JavaScript頁面內的一個JavaScript頁面。我使用xmlhttprequest登錄到頁面,它的工作原理,但我無法獲得這是強制性的,使我的請求,並獲得這些隱藏的數據的cookie。 我讀到NWJS我可以繞過CORS的限制...但我不知道我在做什麼錯... 我實際上使用最新的SDK NWJS 0.22.1在NWJS中的跨域來源安全
這是我的的package.json:
{
"main": "index.html",
"name": "Liveboxinfos",
"description": "test app",
"version": "1.0.0",
"nodejs": true,
"node-remote": "http://192.168.1.1/*",
"permissions": ["*://*/*"],
"chromium-args": "--disable-web-security --user-data-dir",
"window": {
"title": "node-webkit demo",
"icon": "link.png",
"toolbar": true,
"frame": true,
"width": 1200,
"height": 600,
"position": "center",
"min_width": 600,
"min_height": 400,
"max_width": 1200,
"max_height": 600
}
}
這裏是我的index.html中的JavaScript部分:
var ip = "192.168.1.1";
var password = "password";
var HTTP = new XMLHttpRequest();
var url = "http://" + ip;
var params = '{"service":"sah.Device.Information","method":"createContext","parameters":{"applicationName":"so_sdkut","username":"admin","password":"' + password + '"}}';
HTTP.open("POST", url, false);
HTTP.setRequestHeader("Content-Type", "application/x-sah-ws-4-call+json");
HTTP.setRequestHeader("Authorization", "X-Sah-Login");
HTTP.withCredentials = true;
HTTP.onreadystatechange = function() {//Call a function when the state changes.
if(HTTP.readyState == 4 && HTTP.status == 200) {
//alert(HTTP.responseText);
}
}
HTTP.send(params);
const regex = /contextID":"(.*?)"/;
const Received = HTTP.responseText;
const cookie = HTTP.getResponseHeader("set-cookie");
這裏是我的測試應用程序,你可以看到,餅乾=空... 
如果這是真的,那麼有件事我不明白這裏:http://docs.nwjs.io/en/v0.13.0/For%20Users/Advanced/Security%20in% 20NW.js /他們說:節點框架比普通框架具有以下額外功能:•繞過所有安全限制,例如沙盒,相同的原點策略等。例如,您可以將交叉原點XHR創建爲任何遠程站點 – cetipabo