我正在尝试使用 Runtime.evaluate 访问跨源 iframe 的 contentDocument。据我了解的文档，这应该可以通过使用 Page.createIsolatedWorld + asks [1] 创建一个具有通用访问权限的 executionContext 并将返回的 grantUniveralAccess: true 传递给 {{1 }} 为 executionContextId。

有什么想法吗？

给定一个以 Runtime.evaluate [2] 开始的铬工艺。

contextId

[1] 我希望通用访问允许我以与 chromium-browser --user-data-dir=/tmp/headless --remote-debugging-port=9000 标志相同的方式访问跨源资源 - 在内部 grants universal access

// See [3] for full code
const frameId = /* frameId of our page with origin localhost:9000 */
function execute(command,args) { /* ... send and receive on websocket */ }

const {executionContextId} = await execute("Page.createIsolatedWorld",{
  frameId: frameId,grantUniveralAccess: true // NOT grantUniversalAccess. Typo in devtools protocol itself [4].
})

// fails with:
// Access to fetch at 'http://example.com/' from origin 'http://localhost:9000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs,set the request's mode to 'no-cors' to fetch the resource with CORS disabled. 
await execute("Runtime.evaluate",{
  awaitPromise: true,expression: `fetch("http://example.com").then(r => r.text())`,contextId: executionContextId
})

// fails with:
// Uncaught DOMException: Blocked a frame with origin "http://localhost:9000" from accessing a cross-origin frame.
execute("Runtime.evaluate",expression: `
    new Promise((resolve,reject) => {
      const iframe = document.createElement("iframe");
      iframe.src = "http://example.com"
      iframe.onload = () => resolve(iframe)
      iframe.onerror = reject;
      document.body.append(iframe)
    }).then(iframe => iframe.contentwindow.document)`,contextId: executionContextId
})

[2] 全速运行以便于调试（例如，看到完整的 cors 错误仅打印到控制台）- 使用 --disable-web-security 运行也不起作用。

[3]

  if (!frame_->GetSettings()->GetWebSecurityEnabled()) {
    // Web security is turned off. We should let this document access
    // every other document. This is used primary by testing harnesses for
    // web sites.
    origin->GrantUniversalAccess();

[4] 正确的参数名称是 grantUniveralAccess（--headless 中没有 const targets = await fetch("http://localhost:9000/json").then(r => r.json()); const tab = targets.filter(t => t.type === "page")[0]; let counter = 0,commands = {}; const w = new WebSocket(tab.webSocketDebuggerUrl); await new Promise(resolve => { w.onopen = resolve; }) w.onmessage = event => { const json = JSON.parse(event.data) if (commands[json.id]) commands[json.id](json); else console.log(json); // event } function execute(method,params) { return new Promise((resolve,reject) => { const id = counter++; commands[id] = ({result,error}) => { console.log(method,params,result,error) if (error) reject(error); else resolve(result); // delete commands[id]; }; w.send(JSON.stringify({method,id,params})); }); } window.execute = execute; window.frameId = tab.id; ）。通过传递类型不正确的值（期望布尔值）轻松验证

s

解决方法

暂无找到可以解决该程序问题的有效方法，小编努力寻找整理中！

如果你已经找到好的解决方法，欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@）