卷曲到Javascript [英] Curl to Javascript

问题描述

我正在制作一个Chrome扩展程序，通过api与网站对话。我希望它通过cors请求将有关当前标签的信息传递到我的网站。

I am making a Chrome Extension that talks to a website via an api. I want it to pass information about a current tab to my website via a cors request.

我的POST api请求已经有效。它看起来像这样：

I have a POST api request already working. It looks like this:

...
var url = "https://webiste.com/api/v1/users/sendInfo"
...
xhr.send(JSON.stringify({user_name:user_name, password:password, info:info}));

其对应的curl语句如下：

Its corresponding curl statement is something like this:

curl -X POST https://website.com/api/v1/users/sendInfo -d '{ username:"username", password:"password", info: "Lot's of info" }' --header "Content-type: application/json

但是，这是不像我们想要的那样安全。我被告知镜像下面的curl命令：

But, this is not as secure as we want. I was told to mirror the curl command below:

curl --basic -u username:password <request url> -d '{ "info": "Lot's of info" }'

但是一个人不能只将curl写入javascript。
如果有人可以提供像这个curl语句那样的javascript，或者在curl脚本的基本选项中准确解释发生了什么，我想我可以从那里继续前进。 / p>

But, one cannot just write curl into javascript. If someone could either supply javascript that acts like this curl statement or explain exactly what is going on in that basic option of the curl script I think that I could progress from there.

推荐答案

curl 命令设置 basic 授权标题。这可以在JavaScript中完成，例如

The curl command is setting a basic Authorization header. This can be done in JavaScript like

var url = "https://webiste.com/api/v1/users/sendInfo",
    username = "...",
    password = "...";
xhr.open('POST', url, true, username, password);
xhr.send(...);

这使用base 64对用户名/密码进行编码，并设置授权标题。

This encodes the username/password using base 64, and sets the Authorization header.

编辑正如arcyqwerty所说，这已不复存在安全比在请求正文JSON中发送用户名/密码。使用基本身份验证方法的优点是，它是一种指定用户凭据的标准方法，可以很好地与许多后端集成。如果您需要安全性，请务必通过HTTPS发送数据。

Edit As arcyqwerty mentioned, this is no more secure than sending username/password in the request body JSON. The advantage of using the basic authentication approach is that it's a standard way of specifying user credentials which integrates well with many back-ends. If you need security, make sure to send your data over HTTPS.

这篇关于卷曲到Javascript的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！