无法从WhatsApp Web聊天控制台发出API请求？

发布于 2025-01-25 21:32:37 字数 866 浏览 1 评论 0 原文

访问WhatsApp Web聊天（ https://web.whatsapp.com/ ）
获取API呼叫

(async () => {
const response = await fetch(
  `https://jsonplaceholder.typicode.com/posts/1`
);
const json = await response.json();
console.log(json);
})();

：控制台返回此错误：

VM285:2 Refused to connect to 'https://jsonplaceholder.typicode.com/posts/1'
because it violates the document's Content Security Policy.

PS：对Telegram Web Chat（

有可能有能力使其适用于WhatsApp页面吗？

更新：您可以使用 Chrome扩展以绕过内容安全策略

原文

Visit the Whatsapp Web chat (https://web.whatsapp.com/)
Fetch an api call:

(async () => {
const response = await fetch(
  `https://jsonplaceholder.typicode.com/posts/1`
);
const json = await response.json();
console.log(json);
})();

The console returns this error:

VM285:2 Refused to connect to 'https://jsonplaceholder.typicode.com/posts/1'
because it violates the document's Content Security Policy.

PS: Do the same for Telegram Web chat (https://web.telegram.org) and it works

Is it possibile to have a workaround to make it work for the whatsapp page?

Update: You can use this chrome extension to bypass the Content Security Policy

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

臻嫒无言 2025-02-01 21:32:37

Web.whatsapp.com的内容安全策略当前定义了与以下指令的连接：

connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://*.giphy.com https://*.tenor.co https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://www.bingapis.com/api/v6/images/search https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql;

由于JSONPLACEHOLDER.TYPICODE.com不在该允许列表上，因此被阻止了，您无能为力。

电报显然没有为内容安全策略标题服务，而不是限制此类连接。

The Content Security Policy of web.whatsapp.com currently defines connects with the following directive:

connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://*.giphy.com https://*.tenor.co https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://www.bingapis.com/api/v6/images/search https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql;

As jsonplaceholder.typicode.com is not on that allowlist, it is blocked and there is nothing you can do about that.

Telegram is apparently not serving a Content Security Policy header and not restricting such connects.

回复收藏 0 原文

~没有更多了~