Win a copy of Re-engineering Legacy Software this week in the Refactoring forum
or Docker in Action in the Cloud/Virtualization forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

By-passing Browser Same Origin Policy

 
Alec Lee
Ranch Hand
Posts: 569
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I want to read the content of another browser window using Javascript. I'd like to use window.open() to open any arbitrary URL (whose content I have no control) and read or send mouse event to the DOM of that window. One use of this is that I can automatically login, say, hotmail and download my emails.

But a major problem is browser normally doesn't allow this due to same origin policy. For normal HTTP request, I am able to overcome this issue by installing a proxy server (Apache) of my own so that my own Javascript code is loaded from a URL containing any hostname of my choice. e.g. I can make Apache serving all html requests under mycode/ regardless of the intended host e.g. http://www.hotmail.com/mycode/abc.html would be served by my Apache proxy server.

But a major issue is if the URL is HTTPS:, the proxy server approach become very difficult to setup as there doesn't seem to be a way to config Apache as a reverse proxy for HTTPS.

Does anyone encountered similar issue like using Javascript to implement auto functional test framework.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic