Javascript 我可以从父页面验证 iFrame 页面吗?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4159500/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Can I authenticate an iFrame page from the parent page?
提问by Jamey McElveen
I have a simple HTML page that rotates through several status pages that I display on several tv's around campus. I regularly update the page and the links. Many times the pages require authentication. It is a pain to remote to ever terminal to supply credentials. Some are HTTP authentication and some are some <form>based authentication baked into the site. Many times I can get around the <form>based authentication with HTML and JavaScript that post the right credentials.
我有一个简单的 HTML 页面,它可以在我在校园周围的几台电视上显示的几个状态页面之间旋转。我会定期更新页面和链接。很多时候页面需要身份验证。远程到任何终端提供凭据是一件痛苦的事情。有些是 HTTP 身份验证,有些是<form>站点中的一些基于身份验证。很多时候,我可以<form>使用发布正确凭据的 HTML 和 JavaScript绕过基于身份验证的问题。
Is there a better way to get around the
<form>based authentication from the host page? (below)Is there any way to get around the Server/HTTP based authentication from the host page without having to manually authenticate on ever display?
有没有更好的方法来绕过
<form>主机页面的基于身份验证?(以下)有没有办法从主机页面绕过基于服务器/HTTP 的身份验证,而无需在显示时手动进行身份验证?
By <form>authentication I mean that a <form>action generates a session cookie?
( mikerobi, thanks for the comment)
通过<form>身份验证我的意思是一个<form>动作生成一个会话 cookie?
( mikerobi,感谢您的评论)
Here is the code for the host page
这是主机页面的代码
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>
Important Stuff
</title>
<script src="/scripts/jquery.js" type="text/javascript"></script>
<style type="text/css">
html, body, iframe { margin:0; height:100%; }
iframe { display:block; width:100%; border:none; }
</style>
<script type="text/javascript">
var link = new Array();
link[0] = "http://mycompany.intranet/";
link[1] = "http://mycompany.intranet/weather.htm";
link[2] = "http://mycompany.intranet/systemstatus/";
var linkIndex = 0;
setInterval("doSomething()", 10000);
function doSomething() {
if (linkIndex >= link.length)
{
// reload in case the page has been updated
window.location.reload();
}
$("#frame").attr("src", link[linkIndex]);
linkIndex++;
}
</script>
</head>
<body>
<iframe id="frame" src="http://mycompany.intranet/"></iframe>
</body>
</html>
回答by PleaseStand
I don't see your code that sends the credentials for the POST-based login, but if you are using JavaScript to automatically submit a form (using its
.submit()method), that is probably the best way. Keep in mind that thetargetattribute of an HTML form allows you to submit the form in a different window (or in your case, iframe) — just give aname="xyz"attribute to the iframe and usetarget="xyz"for the form. The form would be located in the host page and could be hidden using the CSSdisplay: none.You can include the HTTP Basic Auth username and password in the URL, like:
http://username:[email protected]/path. Note that current web browsers may not allow this in their default configurations as a safeguard against a specific phishing technique, and you may have to change the configurationby editing the Windows Registry or other places where web browser settings are stored.
我没有看到您发送基于 POST 登录凭据的代码,但如果您使用 JavaScript 自动提交表单(使用其
.submit()方法),这可能是最好的方法。请记住,targetHTML 表单的属性允许您在不同的窗口(或在您的情况下,iframe)中提交表单 - 只需为 iframe 提供一个name="xyz"属性并target="xyz"用于表单。该表单将位于主机页面中,并且可以使用 CSS 隐藏display: none。您可以在 URL 中包含 HTTP 基本身份验证用户名和密码,例如:
http://username:[email protected]/path。请注意,当前的 Web 浏览器在其默认配置中可能不允许这样做,以防止特定的网络钓鱼技术,您可能必须通过编辑 Windows 注册表或其他存储 Web 浏览器设置的位置来更改配置。
