绕过阻止其URL包含嵌入凭据的子资源请求 [英] Bypass blocking of subresource requests whose URLs contain embedded credentials
问题描述
href =https:// user:pass @ host /
在Chrome 59中, 。
$ b
[弃用]其URL包含嵌入凭证的子资源请求(例如 https:// user:pass @ host /
)被封锁了。
我读过并且在一个像这样的ajax请求中绕过了它:
========================================= ===============================
我的问题是:
有谁知道如何直接在链接中执行此操作,或者您是否可以提供某种解决方法?这甚至有可能吗?
传递命令行选项'--disable-blink-features = BlockCredentialedSubresources'恢复预期的行为。如果您使用的是Selneium,则可以将其作为浏览器功能中的一个 args 选项来传递,以恢复预期的行为。
PHP:
'chromeOptions'=> array('args'=> ['--disable-blink-features = BlockCredentialedSubresources']);
Python:$ b $根据Chromium票据( https://bugs.chromium.org/p/chromium/issues/detail?id=731618 )尽管它处于弃用状态,但未来版本中可能无法恢复此行为。在这种情况下,最好查看ssh管道进行测试,或者尽可能将白名单IP列入白名单,以防止HTTP Auth交互。
$ b
Anthony
I have been automatically authenticating users visiting our internal wiki via a link with a token in the URL like this:
href="https://user:pass@host/"
In Chrome 59, this is being prevented.
[Deprecation] Subresource requests whose URLs contain embedded credentials (e.g. https://user:pass@host/
) are blocked.
I read and I bypassed it in an ajax request like this:
how to replace embedded credentials in subresource requests
========================================================================
My Question is:
Does anyone know how to do it directly in the link, or can you provide some kind of workaround? Is this even possible?
Passing the command line option '--disable-blink-features=BlockCredentialedSubresources' restores the expected behavior. If you're using Selneium, you can pass it as an args option in the Browser Capabilities to restore the expected behavior.
PHP: 'chromeOptions' => array('args' => ['--disable-blink-features=BlockCredentialedSubresources']);
Python: capabilities['chromeOptions'] = {'args': ['--headless']}
According to the Chromium ticket (https://bugs.chromium.org/p/chromium/issues/detail?id=731618) this behavior may not be restored in future versions despite it being in 'Deprecation'. In this case, it might be best to look at ssh conduits for testing or whitelist the IP if possible to prevent the HTTP Auth interaction.
Anthony
这篇关于绕过阻止其URL包含嵌入凭据的子资源请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!