如何从 firebug 控制台隐藏 ajax 请求?

发布于 2024-12-17 12:03:38 字数 48 浏览 0 评论 0原文

如何隐藏来自 firebug 控制台或任何显示 ajax 调用的 ajax 请求?

How to hide ajax requests from firebug console or anything that shows ajax calls ?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(7

俯瞰星空 2024-12-24 12:03:38

请在ajax成功或失败后调用此函数:

$('.result').load('testtemplateboth/testpagetpl');
clearconsole();

function clearconsole() { 
  console.log(window.console);
  if(window.console || window.console.firebug) {
   console.clear();
  }
}

OR

$('.log').ajaxComplete(function() { 
  clearconsole();
  $(this).text('Triggered ajaxComplete handler.');
});

function clearconsole() { 
  console.log(window.console);
  if(window.console || window.console.firebug) {
   console.clear();
  }
}

Please, call this function after ajax success or fail:

$('.result').load('testtemplateboth/testpagetpl');
clearconsole();

function clearconsole() { 
  console.log(window.console);
  if(window.console || window.console.firebug) {
   console.clear();
  }
}

OR

$('.log').ajaxComplete(function() { 
  clearconsole();
  $(this).text('Triggered ajaxComplete handler.');
});

function clearconsole() { 
  console.log(window.console);
  if(window.console || window.console.firebug) {
   console.clear();
  }
}
江湖彼岸 2024-12-24 12:03:38

进行 JSONP 调用。 JSONP 调用不是真正的 ajax 请求(因为它们不使用 XMLHttpRequest 对象,而只是将脚本标记注入到 DOM 中)。但它们不会在 Firebug 中显示。

Make JSONP calls. JSONP calls are not real ajax requests (because they don't use XMLHttpRequest object, and they simply inject a script tag into the DOM). But they won't be shown in Firebug.

梦开始←不甜 2024-12-24 12:03:38

如此处所述(https://getfirebug.com/wiki/index.php/Console_Panel ),您可以在 about:config 选项卡中设置它,更改 extensions.firebug.showXMLHttpRequests 值。

As described here (https://getfirebug.com/wiki/index.php/Console_Panel), you can set it in about:config tab, changing the extensions.firebug.showXMLHttpRequests value.

梦里南柯 2024-12-24 12:03:38

使用二进制 websocket。

尽管某些浏览器在某些情况下仍然允许用户“检查”websocket 数据包的内容,但这通常仅限于纯文本 websocket,并且对于二进制数据来说要困难得多……而且肯定不会显示在控制台中。

这是 Livereload (http://livereload.com/) 使用的方法,以避免使用 ajax 请求向控制台发送垃圾邮件使使用控制台进行真正的调试变得有意义。

显然,正如该线程中的其他帖子所指出的,您无法阻止某人使用 Wireshark 等工具实际捕获请求;但可以说,二进制 Web 套接字可以阻止 90% 的标准 ajax 请求可能出现的随意篡改。

Use a binary websocket.

Although some browsers still allow users 'inspect' the contents of websocket packets in some cases, this is generally restricted to text-only websockets and a lot more difficult for binary data... and most definitely will not show up in the console.

This is the approach that Livereload (http://livereload.com/) uses to avoid spamming the console with ajax requests that make using the console for real debugging meaningful.

Obviously as the other posts in this thread have stated you cannot prevent someone from actually catching requests using tools such as Wireshark; but arguably a binary web socket would discourage 90% of the casual tampering that you might get with standard ajax requests.

久夏青 2024-12-24 12:03:38

我尝试过 jQuery,但它总是使用普通的 ajax 调用。根据文档:具有“JSONP”或“脚本”数据类型和“GET”类型的请求应导致“脚本”传输模式。它的工作方式如下:

客户端

var h = $('head')[0];
var e = document.createElement('SCRIPT');
e.src = "/c.php?getRefresh=1"+("&_="+(+new Date()));
e.onload = function(){
    //script from server executed       
    h.removeChild(e);
}
h.appendChild(e);   

服务器端

if(isset($_GET['getRefresh'])){
    header("Content-Type: text/javascript");
    die("console.log('OK');");
}

I have tried jQuery but it always used normal ajax calls. According to the docs: requests with "JSONP" or "script" dataType and "GET" type should result "script" transport mode. It works this way:

Client side:

var h = $('head')[0];
var e = document.createElement('SCRIPT');
e.src = "/c.php?getRefresh=1"+("&_="+(+new Date()));
e.onload = function(){
    //script from server executed       
    h.removeChild(e);
}
h.appendChild(e);   

Server side:

if(isset($_GET['getRefresh'])){
    header("Content-Type: text/javascript");
    die("console.log('OK');");
}
风情万种。 2024-12-24 12:03:38

我认为您无法完全隐藏来自任何嗅探软件的调用,因为某些嗅探软件包在非常低的级别上工作(如此低,您实际上无法从浏览器/代码中到达那里)。

如果您想屏蔽呼叫(例如隐藏呼叫的位置),您可以将其发送到您自己的服务器,然后服务器可以自行进行呼叫(使用一些屏蔽命令)。

就像调用 http://myserver.com/doCommand?command=cmd1¶meter1 =param1¶meter2=param2

服务器可以具有读取命令和参数、执行它们然后报告结果的逻辑。无论如何,客户端(浏览器)和服务器之间的调用都可以被嗅探软件捕获。

它很像一个代理。客户端可以看到发送给代理的内容,但不知道接下来会发生什么。

不管怎样,在你屏蔽来自调用者而不是外部世界的调用之后,感觉有点像架构本身有问题。

I don't think you will be able to completely hide calls from any sniffing software due to the fact that some sniffing software packages work on a very low level (so low you can't actually get there from browser / code).

If you want to mask a call (e.g. hide where the call goes) you can send it to a server of your own and then the server can make the call itself (using some masked commands).

Like calling http://myserver.com/doCommand?command=cmd1¶meter1=param1¶meter2=param2

And the server can have the logic that will read the command and parameters, execute them and then report back with the results. Anyway the call between the client (browser) and your server can be caught by the sniffing software.

It is much like a proxy. The client can see what goes to the proxy but it will not know what happens next.

Anyway it feels a bit as if you have a problem with the architecture itself after you are going after masking calls from the caller and not the outer world.

木有鱼丸 2024-12-24 12:03:38

与 Saeed 在 JSONP 中所说的类似,您可以更改图像/文件/脚本“src”属性的来源。服务器会在发生变化时发送请求,从而实现与服务器的通信。我还没有尝试过,但我正在考虑自己实施它。

Similar to what Saeed was saying with JSONP, you could change the source of an image/file/script "src" attribute. The server will send the request when it changes, thus making it possible to communicate with the server. I haven't tried this but I'm looking at implementing it for something myself.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文