Comments (14)
@laurentj I am trying to sniff the network for CORS requests/responses, and I can't see those responses, I'm guessing because of web-security flag that is set to true. I think this makes a good use case to implement this feature. Is there any chance this will make it to the roadmap?
Thanks.
from slimerjs.
So by default is SlimerJS web-security true or false?
from slimerjs.
True of course...
from slimerjs.
So right now, it cannot be turned off? Sorry if this is a stupid question.
from slimerjs.
No, else this ticket would be closed ;-) And I didn't investigate yet to know how to deactivate it into gecko...
from slimerjs.
Is there a workaround for this in the meantime?
I'm getting complaints about a self-signed certificate when trying to test an https site. (I'm also getting complaints about it being expired, and being for a different domain name, but those are things I can fix by regenerating the certificate; its self-signed-ness isn't so easy to get around.)
from slimerjs.
@DarrenCook you did a comment on the wrong issue. What you want is the option --ignore-ssl-error. see issue #26. However this is not yet implemented (and not easy to implement), and the workaround is to use a Firefox profile (see doc) in which the certificate has been accepted.
from slimerjs.
I would like some examples where this disabling is really needed....
from slimerjs.
One example would be dealing with iframes at the page.evaluate() level. With web security turned on, the same origin policy will block you from doing anything with the DOM in iframes, so you have to switchToFrame() for each action you want to take on different iframes in the same window. If you want to simulate moving the mouse over an iframe, or even worse a series of nested iframes, then this is maddening. With web security turned off, you can query and manipulate the contents of every iframe without leaving the main document. You can also easily get accurate offset values for elements in iframes compared to window.top, without having to walk up the frame stack and add up the offsets manually.
However a lot of the same origin problems can be solved by writing code with chrome privileges to get the values you need, without having to disable websecurity.
In terms of PhantomJS parity, with PhantomJS I've found many situations where the same origin policy still blocks me from certain iframes, even with web security ostensibly turned off (notably nested Google or Doubleclick iframes with javascript urls).
from slimerjs.
I second g0morra's reply. I'm currently working on automated page tester which has to make sure all login fields are in place, and it breaks whenever there is an iframe form a different domain. And the solution involving switching frames, while possible, is quite cumbersome.
from slimerjs.
so you have to switchToFrame() for each action you want to take on different iframes in the same window
yes, this is how you should do. Disabling security is not very recommended. Behavior can changed (imagine a web page loading a iframe containing a malicious page).
If you want to simulate moving the mouse over an iframe,
Well, webpage.sendEvent() does not need to switch between frames...
However a lot of the same origin problems can be solved by writing code with chrome privileges to get the values you need, without having to disable websecurity.
Probably we could improve the API by providing new methods ?
And/Or provide a better API to manipulate content in frames ?
I'm currently working on automated page tester which has to make sure all login fields are in place, and it breaks whenever there is an iframe form a different domain
IMHO, doing test should be done in same security context as a "true" browser. Else you are not sure that your web page will have the same behavior than in a true browser.
@Lukich and @gomorra : I think that disabling security for what you want to do is not the good solution. Disabling security is just a workaround. The best solution is to propose improvements in the API to ease some tasks.
from slimerjs.
I would like this feature as well.
When using slimerjs with "http://mywebsite.com" everything works fine. However in order to simplify some tooling I would prefer not to require everyone who runs the tool have a web server. So instead I called "file:///path/to/mywebsite/index.html". But this does not work because I get a security violation since I need to get a file with a "../" url. With phantomjs I was able to get this working by disabling security (but I had to punt on phantom because it does not support webGL).
from slimerjs.
This happened to me while trying to use slimerjs to test clojurescript code using core.async.
The cause of the error is not made clear in the error message. FWIW, the code I am testing does not connect to a remote host.
The symptom is that slimer hangs with the only output being "Error: The operation is insecure." which is not at all helpful to me in trying to sort out what is causing this in the compiled clojurescript.
from slimerjs.
Is there any reason not to implement the one?
from slimerjs.
Related Issues (20)
- Documentation improvement: major difference between the behaviour of evaluateJavaScript in PhantomJS VS SlimerJS
- Is it possible to use with remote running firefox instance?
- when will FF 61 be supported? HOT 1
- segmentation fault errors
- how to access browser default popup?
- SlimerJS not compatible with Firefox 62 HOT 5
- SlimerJS not compatible with Firefox 63 HOT 11
- slimer 1.0.0 leaves a lot of garbage in /tmp HOT 1
- Can't render this site, https://piaofang.maoyan.com/dashboard
- Cannot delete window.callPhantom HOT 1
- Strange bash script behaviour on Heroku
- Script won't work if modules aren't ended with semicolons before async handler HOT 1
- SlimerJS crashes on Windows Server with Firefox 67 HOT 1
- I need each script to connect to a different proxy
- 'expires' attribute from page.cookies is incorrect
- Arch/Manjaro package manager can not download from download.slimerjs.org HOT 1
- Appropriate version of firefox for slimerjs on a raspberry pi? HOT 2
- No more development on Slimerjs HOT 1
- Thumbnail is not generating for video assets
- Crash Annotation GraphicsCriticalError for headless selenium on firefox browser HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from slimerjs.