如何隐藏来自萤火虫控制台的 ajax 请求?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/8223319/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to hide ajax requests from firebug console?
提问by niksmac
How to hide ajax requests from firebug console or anything that shows ajax calls ?
如何隐藏来自萤火虫控制台或任何显示 ajax 调用的 ajax 请求?
采纳答案by Saeed Neamati
回答by Vinoth M
Please, call this function after ajax success or fail:
请在 ajax 成功或失败后调用此函数:
$('.result').load('testtemplateboth/testpagetpl');
clearconsole();
function clearconsole() {
console.log(window.console);
if(window.console || window.console.firebug) {
console.clear();
}
}
OR
或者
$('.log').ajaxComplete(function() {
clearconsole();
$(this).text('Triggered ajaxComplete handler.');
});
function clearconsole() {
console.log(window.console);
if(window.console || window.console.firebug) {
console.clear();
}
}
回答by rashtao
As described here (https://getfirebug.com/wiki/index.php/Console_Panel), you can set it in about:config tab, changing the extensions.firebug.showXMLHttpRequests value.
如此处所述(https://getfirebug.com/wiki/index.php/Console_Panel),您可以在 about:config 选项卡中设置它,更改 extensions.firebug.showXMLHttpRequests 值。
回答by Doug
Use a binary websocket.
使用二进制 websocket。
Although some browsers still allow users 'inspect' the contents of websocket packets in some cases, this is generally restricted to text-only websockets and a lot more difficult for binary data... and most definitely will not show up in the console.
尽管某些浏览器在某些情况下仍然允许用户“检查” websocket 数据包的内容,但这通常仅限于纯文本 websockets 并且对于二进制数据要困难得多……而且绝对不会出现在控制台中。
This is the approach that Livereload (http://livereload.com/) uses to avoid spamming the console with ajax requests that make using the console for real debugging meaningful.
这是 Livereload ( http://livereload.com/) 用来避免向控制台发送 ajax 请求的垃圾邮件的方法,这使得使用控制台进行真正的调试变得有意义。
Obviously as the other posts in this thread have stated you cannotprevent someone from actually catching requests using tools such as Wireshark; but arguably a binary web socket would discourage 90% of the casual tampering that you might get with standard ajax requests.
显然,正如该线程中的其他帖子所述,您无法阻止某人使用 Wireshark 等工具实际捕获请求;但可以说,二进制网络套接字会阻止 90% 的随意篡改,您可能会使用标准 ajax 请求。
回答by Doug
I have tried jQuery but it always used normal ajax calls. According to the docs: requests with "JSONP" or "script" dataType and "GET" type should result "script" transport mode. It works this way:
我尝试过 jQuery,但它总是使用普通的 ajax 调用。根据文档:具有“JSONP”或“脚本”数据类型和“GET”类型的请求应导致“脚本”传输模式。它是这样工作的:
Client side:
客户端:
var h = $('head')[0];
var e = document.createElement('SCRIPT');
e.src = "/c.php?getRefresh=1"+("&_="+(+new Date()));
e.onload = function(){
//script from server executed
h.removeChild(e);
}
h.appendChild(e);
Server side:
服务器端:
if(isset($_GET['getRefresh'])){
header("Content-Type: text/javascript");
die("console.log('OK');");
}
回答by Pavel Donchev
I don't think you will be able to completely hide calls from any sniffing software due to the fact that some sniffing software packages work on a very low level (so low you can't actually get there from browser / code).
我认为您无法完全隐藏来自任何嗅探软件的调用,因为某些嗅探软件包在非常低的级别上工作(低到您实际上无法从浏览器/代码到达那里)。
If you want to mask a call (e.g. hide where the call goes) you can send it to a server of your own and then the server can make the call itself (using some masked commands).
如果您想屏蔽呼叫(例如隐藏呼叫的位置),您可以将其发送到您自己的服务器,然后服务器可以自行进行呼叫(使用一些屏蔽命令)。
Like calling http://myserver.com/doCommand?command=cmd1¶meter1=param1¶meter2=param2
比如调用http://myserver.com/doCommand?command=cmd1¶meter1=param1¶meter2=param2
And the server can have the logic that will read the command and parameters, execute them and then report back with the results. Anyway the call between the client (browser) and your server can be caught by the sniffing software.
服务器可以具有读取命令和参数的逻辑,执行它们然后返回结果。无论如何,嗅探软件可以捕获客户端(浏览器)和您的服务器之间的调用。
It is much like a proxy. The client can see what goes to the proxy but it will not know what happens next.
它很像一个代理。客户端可以看到什么去代理,但它不知道接下来会发生什么。
Anyway it feels a bit as if you have a problem with the architecture itself after you are going after masking calls from the caller and not the outer world.
无论如何,在您屏蔽来自调用者而不是外部世界的调用之后,感觉好像架构本身有问题。
回答by cjroth
Similar to what Saeed was saying with JSONP, you could change the source of an image/file/script "src" attribute. The server will send the request when it changes, thus making it possible to communicate with the server. I haven't tried this but I'm looking at implementing it for something myself.
与 Saeed 用 JSONP 所说的类似,您可以更改图像/文件/脚本“src”属性的来源。服务器会在请求发生变化时发送请求,从而可以与服务器进行通信。我没有尝试过这个,但我正在考虑为自己实现它。
