4

我正在尝试使用Runtime.evaluate. 据我了解文档,这应该可以通过使用+ [1]创建executionContext具有通用访问权限并将返回的传递给as来实现。Page.createIsolatedWorldgrantUniveralAccess: trueexecutionContextIdRuntime.evaluatecontextId

有任何想法吗?

chromium-browser --user-data-dir=/tmp/headless --remote-debugging-port=9000给定从[2]开始的铬工艺。

// See [3] for full code
const frameId = /* frameId of our page with origin localhost:9000 */
function execute(command, args) { /* ... send and receive on websocket */ }

const {executionContextId} = await execute("Page.createIsolatedWorld", {
  frameId: frameId, 
  grantUniveralAccess: true // NOT grantUniversalAccess. Typo in devtools protocol itself [4].
})

// fails with:
// Access to fetch at 'http://example.com/' from origin 'http://localhost:9000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled. 
await execute("Runtime.evaluate", {
  awaitPromise: true, 
  expression: `fetch("http://example.com").then(r => r.text())`, 
  contextId: executionContextId
})

// fails with:
// Uncaught DOMException: Blocked a frame with origin "http://localhost:9000" from accessing a cross-origin frame.
execute("Runtime.evaluate", {
  awaitPromise: true,
  expression: `
    new Promise((resolve, reject) => {
      const iframe = document.createElement("iframe");
      iframe.src = "http://example.com"
      iframe.onload = () => resolve(iframe)
      iframe.onerror = reject;
      document.body.append(iframe)
    }).then(iframe => iframe.contentWindow.document)`,    
  contextId: executionContextId
})

[1] 我本来希望通用访问权限允许我以与--disable-web-security标志相同的方式访问跨源资源 - 这在内部授予通用访问权限

  if (!frame_->GetSettings()->GetWebSecurityEnabled()) {
    // Web security is turned off. We should let this document access
    // every other document. This is used primary by testing harnesses for
    // web sites.
    origin->GrantUniversalAccess();

[2] 全头运行以便于调试(例如,看到完整的 cors 错误仅打印到控制台)——运行 with--headless也不起作用。

[3]

  const targets = await fetch("http://localhost:9000/json").then(r => r.json());
  const tab = targets.filter(t => t.type === "page")[0];
  let counter = 0, commands = {}; 
  const w = new WebSocket(tab.webSocketDebuggerUrl);
  await new Promise(resolve => { w.onopen = resolve; })
  w.onmessage = event => {
    const json = JSON.parse(event.data)
    if (commands[json.id]) commands[json.id](json);
    else console.log(json); // event
  }
  
  function execute(method, params) {
    return new Promise((resolve, reject) => {
      const id = counter++;
      commands[id] = ({result, error}) => {
        console.log(method, params, result, error)
        if (error) reject(error);
        else resolve(result);
        // delete commands[id];
      };
      w.send(JSON.stringify({method, id, params}));
    });
  }
  window.execute = execute;
  window.frameId = tab.id;

[4] 正确的参数名称是grantUniveralAccess(no sin univeral)。通过传递类型不正确的值(期望为布尔值)轻松验证

// fails with:
// Failed to deserialize params.grantUniveralAccess - BINDINGS: bool value expected at position 69
await execute("Page.createIsolatedWorld", {frameId, grantUniveralAccess: "true"})
4

0 回答 0