可以将加载到IFRAME中的网站访问或告知加载在其他Windows / iframe中的网站cookie等吗?

编程问答 2022-08-15

问题描述

我们已经建立了Facebook的反向代理。我们在服务器上整理了另一个子域,并使用以下https://www.facebook.com将其指向web.config。 (为安全起见,略作编辑。)

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <rule name="ReverseProxyInboundRule1" stopProcessing="true">
          <match url="(.*)" />
          <action type="Rewrite" url="https://www.facebook.com/{R:1}" />
          <serverVariables>
            <set name="HTTP_X_ORIGINAL_ACCEPT_ENCODING" value="{HTTP_ACCEPT_ENCODING}" />
            <set name="HTTP_ACCEPT_ENCODING" value="" />
          </serverVariables>
        </rule>
        <rule name="Capture Http Origin Header">
          <match url=".*" />
          <conditions>
            <add input="{HTTP_ORIGIN}" pattern=".+" />
          </conditions>
          <serverVariables>
            <set name="HTTP_X_HTTP_ORIGIN" value="{C:0}" />
          </serverVariables>
          <action type="None" />
        </rule>
      </rules>
      <outboundRules>
        <rule name="ReverseProxyOutboundRule1" preCondition="ResponseIsHtml1">
          <match filterByTags="A,Form,Img" pattern="^http(s)?://facebook.com/(.*)" />
          <action type="Rewrite" value="http{R:1}://sub.domain.com.au/{R:2}" />
        </rule>
        <rule name="Rewrite x-frame-options" enabled="true" patternSyntax="Wildcard">
          <match serverVariable="RESPONSE_x-frame-options" pattern="*" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
          <action type="Rewrite" />
        </rule>
        <rule name="Set-Access-Control-Allow-Origin for kNown origins" enabled="true">
          <match serverVariable="RESPONSE_Access-Control-Allow-Origin" pattern=".+" negate="true" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
          <action type="Rewrite" value="{HTTP_X_HTTP_ORIGIN}" />
        </rule>
        <rule name="Restore Accept Encoding" preCondition="Needs to Restore Original Accept Encoding" enabled="true">
          <match serverVariable="HTTP_ACCEPT_ENCODING" pattern="^(.*)$" />
          <conditions logicalGrouping="MatchAll" trackAllCaptures="true" />
          <action type="Rewrite" value="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" />
        </rule>
        <preConditions>
          <preCondition name="ResponseIsHtml1">
            <add input="{RESPONSE_CONTENT_TYPE}" pattern="^text/html" />
          </preCondition>
          <preCondition name="Needs to Restore Original Accept Encoding">
            <add input="{HTTP_X_ORIGINAL_ACCEPT_ENCODING}" pattern=".*" />
          </preCondition>
        </preConditions>
      </outboundRules>
    </rewrite>
  </system.webServer>
</configuration>

现在,我可以在其中包含带有iframesrc的HTML文件,其中 lines = [Map1.splitlines(),Map2.splitlines(),Map3.splitlines(),Map4.splitlines(),Map5.splitlines(),Map6.splitlines()] for l in zip(*lines): print(*l,sep="") lines = [Map7.splitlines(),Map8.splitlines(),Map9.splitlines(),Map10.splitlines(),Map11.splitlines(),Map12.splitlines()] for l in zip(*lines): print(*l,sep="") lines = [Map13.splitlines(),Map14.splitlines(),Map15.splitlines(),Map16.splitlines(),Map17.splitlines(),Map18.splitlines()] for l in zip(*lines): print(*l,sep="") lines = [Map19.splitlines(),Map20.splitlines(),Map21.splitlines(),Map22.splitlines(),Map23.splitlines(),Map24.splitlines()] for l in zip(*lines): print(*l,sep="") 为“ https://sub.domain.com.au/someFacebookSite”,并在该站点显示Facebook没有通常的CORS相关通知的iframe。

iframe中的网站未从其他任何浏览器窗口中获取Facebook登录详细信息。我希望那是设计使然。但是,是否有可能在iframe中告知有关当前正在加载Facebook的其他窗口/ iframe的页面,以便iframe-d页面可以加载帐户授权数据?

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

iframeiisiisjavascriptreverse-proxyurl-rewriting