Simulating the Same Origin Policy on a single workstation
I'm trying to simulate the same origin policy with my own laptop for research purposes.
I tried the following way, but it's not working:
httpd.conf:
...
NameVirtualHost *:80
<VirtualHost *:80>
    ServerName www.client.es
    DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client"
    <Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/client">
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    ServerName www.custom.es
    DocumentRoot "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom"
    <Directory "C:/maestro/desarrollo/Apache Software Foundation/Apache2.2/htdocs/custom">
        AllowOverride All
        Allow from All
    </Directory>
</VirtualHost>
...
Now, in order to get the SOP effect I built two different mock sites:
www.client.es/index.htm
...
<html>
...
<script type="text/javascript" src="http://www.custom.es/js/hello.js"></script>
...
</body>
</html>
www.custom.es/js/hello.js
alert("Hello.js: loaded");
Finally, I added the proper lines to etc/hosts:
127.0.0.1 www.custom.es
127.0.0.1 www.client.es
So I can get different mock sites from the browser as if they were real different sites.
The problem is that I was expecting Chrome/Firefox/Explorer/etc. not to be able to get the hello.js due to the Same Origin Policy, but everything is served and no error arises when I browse to www.client.es/index.htm.
Any clue? Thanks in advance.
Comments (1)
There aren't any restrictions against downloading and executing JavaScript in <script> tags from a different domain. The restrictions are against cross-domain ajax. What you did will work fine.
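The distinction drawn in the comment above, as an added example that is not part of the original thread: a simplified JavaScript model (runnable in Node) of how a browser treats a `<script src>` embed versus an XMLHttpRequest between the two mock sites. The function names `originOf` and `sopDecision` are hypothetical, the response headers are constructed, and only simple GET requests without credentials are modelled.

```javascript
// Simplified model of the browser's same-origin check (added example, not from the thread).
// Only simple GET requests without credentials are modelled; CORS preflight is not.

// An origin is the (scheme, host, port) triple; URL.origin normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

// kind: "script" for a <script src> embed, "xhr" for XMLHttpRequest/fetch.
// responseHeaders: headers the resource server sends back (lower-case keys, constructed).
function sopDecision(pageUrl, resourceUrl, kind, responseHeaders = {}) {
  const pageOrigin = originOf(pageUrl);
  const sameOrigin = pageOrigin === originOf(resourceUrl);

  if (kind === "script") {
    // Embedding is not restricted: the file is fetched and executed with the
    // embedding page's origin; the tag itself gives the page no access to the source text.
    return { sameOrigin, requestSent: true, executes: true, pageCanReadResponse: false };
  }
  if (kind === "xhr") {
    // The request is sent either way; SOP decides whether script may read the reply.
    const acao = responseHeaders["access-control-allow-origin"];
    const readable = sameOrigin || acao === "*" || acao === pageOrigin;
    return { sameOrigin, requestSent: true, executes: false, pageCanReadResponse: readable };
  }
  throw new Error("unknown request kind: " + kind);
}

// The two mock sites from the question.
const PAGE = "http://www.client.es/index.htm";
const HELLO = "http://www.custom.es/js/hello.js";

const cases = [
  ["<script src> cross-origin", sopDecision(PAGE, HELLO, "script")],
  ["XHR cross-origin, no CORS header", sopDecision(PAGE, HELLO, "xhr")],
  ["XHR cross-origin, server opts in", sopDecision(PAGE, HELLO, "xhr",
    { "access-control-allow-origin": "http://www.client.es" })],
  ["XHR same-origin", sopDecision(PAGE, "http://www.client.es:80/js/local.js", "xhr")],
];
for (const [label, result] of cases) {
  console.log(label.padEnd(36), JSON.stringify(result));
}
```

In the setup from the question, the blocked case corresponds to index.htm requesting hello.js with XMLHttpRequest instead of a `<script>` tag: Apache still serves the file, and the browser refuses to hand the response to the page.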