search

titaniumnetwork-dev / Ultraviolet-App

Example application of Ultraviolet which can be deployed in production.
https://docs.titaniumnetwork.org/proxies/ultraviolet
MIT License
290 stars 4.46k forks source link

Issue with cors #11

Closed novafurry closed 1 year ago

novafurry commented 2 years ago

Hello, i'm building a website like hypertabs but image as you can see its complaining about the origin, is there any way i can fix this? (im trying to get the url of the iframe)

Thanks for making this amazing proxy. Any help appreciated.

rifting commented 2 years ago

Check out https://replit.com/@Riftriot2/Hypertabs-GX and compare code Edit: Hypertabs uses some methods to bypass modern browser restrictions on getting info from other sites, don't know much about it but you could look at the source code

illusionTBA commented 2 years ago

This isn’t a UV related issue. Also if you feel skiddy today , HT is open source

illusionTBA commented 2 years ago

Check out https://replit.com/@Riftriot2/Hypertabs-GX and compare code Edit: Hypertabs uses some methods to bypass modern browser restrictions on getting info from other sites, don't know much about it but you could look at the source code

I think HT uses bare-client for getting the info on other sites.

e9x commented 2 years ago

I think HT uses bare-client for getting the info on other sites.

Yes, we use the Bare client, however this is for efficiently resolving the favicon of the website. The most recent branch (private) uses the Bare client. It is open source to those who want it to be (dumping the website's assets...)

e9x commented 2 years ago

Imagine being able to create an iframe to Google, then accessing document.cookie in the iframe and stealing them. This would be insecure and requires a solution like loading the website under a domain you control (via a web proxy) or only using the iframe's src (which may not match the real location of the iframe).

Try sending a postMessage with the URL of the link when clicked to the topmost window.

novafurry commented 2 years ago

Imagine being able to create an iframe to Google, then accessing document.cookie in the iframe and stealing them. This would be insecure and requires a solution like loading the website under a domain you control (via a web proxy) or only using the iframe's src (which may not match the real location of the iframe).

Try sending a postMessage with the URL of the link when clicked to the topmost window.

Is there anyway i could modify teh output and add a script to the end of every page requested? so i can post the url via a msg?

e9x commented 2 years ago

Imagine being able to create an iframe to Google, then accessing document.cookie in the iframe and stealing them. This would be insecure and requires a solution like loading the website under a domain you control (via a web proxy) or only using the iframe's src (which may not match the real location of the iframe). Try sending a postMessage with the URL of the link when clicked to the topmost window.

Is there anyway i could modify teh output and add a script to the end of every page requested? so i can post the url via a msg?

You can only post the URL from the pages on the origin (eg. newtab.html). You can post the URL of where newtab.html is about to redirect to.