Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
XMLHttpRequest access the file:// when we on http:// domain
See original GitHub issueHi,
XMLHttpRequest can access the local files when we on http domain, you can produce from this repo https://github.com/selam/jsdom-xmlhttp-bug, this can be serius security problem, attacker can steal some your local files easly becouse XMLHttpRequest doesnt care window.location.href or window.document.URL
When i try to access local files from http domain from browser i got two error messages on console
XMLHttpRequest cannot load file:///home/timu/workspace/jsdom-xmlhttp-bug/test.html. Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource.(anonymous function) @ test.html:12
test.html:12 Uncaught NetworkError: Failed to execute 'send' on 'XMLHttpRequest': Failed to load 'file:///home/timu/workspace/jsdom-xmlhttp-bug/test.html'.
Also i haven’t check yet but i believe XMLHttpRequest and jsdom also doesn’t care Cross origin, X-Frame-Options, Content-Security-Policy, X-XSS-Protection headers from responses
Issue Analytics
- State:
- Created 8 years ago
- Comments:41 (23 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
You don’t have to change anything. The codebase is meant to run in a browser, so if it’s using
requirethere, then browserify it, like @niftylettuce did.The Node global environment is not a browser global environment. Creating some monster hybrid where parts of it become pointers to a newly-created jsdom window, and parts of it are Node.js, causes many issues. Not the least of which is that jsdom is not designed to work in that environment, accessed via external pointers.
What you are doing is like trying to do a test in the browser by creating an iframe, setting
window.window = iframe.contentWindow,window.document = iframe.contentWindow.document. You would never actually do this. You would just load your tests in the iframe.Did you not see https://github.com/tmpvar/jsdom/issues/1203#issuecomment-160725194 ?
The approach in https://github.com/tmpvar/jsdom/issues/1203#issuecomment-160725194