
run-headless: Disable cross origin protection ("webSecurity")

Open allquixotic opened this issue 9 years ago • 2 comments

This is required to support the latest release of PhantomJS.

Explanation and 1-line diff here.

PhantomJS 2.1.1 is now properly respecting cross-origin strictness with web-security set to true (the default). To maintain support for the way the bot is architected, we have to tell PhantomJS it's okay to do cross-origin stuff. We trust chat.SE/SO and the bot script, right? :)

NB: PhantomJS 2.0 erroneously allowed our cross-origin stuff to run just fine with web-security enabled. This was actually a security vulnerability of sorts in PhantomJS. So we're just regressing our "security level" to where we used to be, not actually making it any worse.

allquixotic, Jan 25 '16 07:01

What part of the bot violates web security?

Zirak, Jan 25 '16 07:01

Hmm, not sure. PJS doesn't give me enough info. I can try to find out exactly what it is, but would probably need a verbose option somewhere in Nightmare.

Here's the console output with webSecurity enabled (no errors with webSecurity false):

$ node run-headless.js
phantom stdout: NETWORK_ERR: XMLHttpRequest Exception 101: A network error occurred in synchronous requests.

  phantomjs://code/shim.js:1815 in send
  phantomjs://code/shim.js:1815 in _start
  phantomjs://code/shim.js:1842

Update: With PhantomJS --debug=true, not much better output (squelched notification of my cookies being picked up from the CookieJar):

phantom stderr: 2016-01-25T07:45:20 [DEBUG] Set  "http"  proxy to:  "" : 1080

phantom stderr: 2016-01-25T07:45:20 [DEBUG] Phantom - execute: Configuration
2016-01-25T07:45:20 [DEBUG]      0 objectName : ""
2016-01-25T07:45:20 [DEBUG]      1 cookiesFile : "cookies.jar"
2016-01-25T07:45:20 [DEBUG]      2 diskCacheEnabled : "false"
2016-01-25T07:45:20 [DEBUG]      3 maxDiskCacheSize : "-1"
2016-01-25T07:45:20 [DEBUG]      4 diskCachePath : ""
2016-01-25T07:45:20 [DEBUG]      5 ignoreSslErrors : "true"
2016-01-25T07:45:20 [DEBUG]      6 localUrlAccessEnabled : "true"
2016-01-25T07:45:20 [DEBUG]      7 localToRemoteUrlAccessEnabled : "false"
2016-01-25T07:45:20 [DEBUG]      8 outputEncoding : "UTF-8"
2016-01-25T07:45:20 [DEBUG]      9 proxyType : "http"
2016-01-25T07:45:20 [DEBUG]      10 proxy : ":1080"
2016-01-25T07:45:20 [DEBUG]      11 proxyAuth : ":"
2016-01-25T07:45:20 [DEBUG]      12 scriptEncoding : "UTF-8"
2016-01-25T07:45:20 [DEBUG]      13 webSecurityEnabled : "true"
2016-01-25T07:45:20 [DEBUG]      14 offlineStoragePath : ""
2016-01-25T07:45:20 [DEBUG]      15 localStoragePath : ""
2016-01-25T07:45:20 [DEBUG]      16 localStorageDefaultQuota : "-1"
2016-01-25T07:45:20 [DEBUG]      17 offlineStorageDefaultQuota : "-1"
2016-01-25T07:45:20 [DEBUG]      18 printDebugMessages : "true"
2016-01-25T07:45:20 [DEBUG]      19 javascriptCanOpenWindows : "true"

phantom stderr: 2016-01-25T07:45:20 [DEBUG]      20 javascriptCanCloseWindows : "true"
2016-01-25T07:45:20 [DEBUG]      21 sslProtocol : "any"
2016-01-25T07:45:20 [DEBUG]      22 sslCiphers : "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SH$
2016-01-25T07:45:20 [DEBUG]      23 sslCertificatesPath : ""
2016-01-25T07:45:20 [DEBUG]      24 sslClientCertificateFile : ""
2016-01-25T07:45:20 [DEBUG]      25 sslClientKeyFile : ""
2016-01-25T07:45:20 [DEBUG]      26 sslClientKeyPassphrase : ""
2016-01-25T07:45:20 [DEBUG]      27 webdriver : ":"
2016-01-25T07:45:20 [DEBUG]      28 webdriverLogFile : ""
2016-01-25T07:45:20 [DEBUG]      29 webdriverLogLevel : "INFO"
2016-01-25T07:45:20 [DEBUG]      30 webdriverSeleniumGridHub : ""

phantom stderr: 2016-01-25T07:45:20 [DEBUG] Phantom - execute: Script & Arguments
2016-01-25T07:45:20 [DEBUG]      script: "/home/sean/dev/SO-ChatBot/node_modules/nightmare/node_modules/phantom/shim.js"
2016-01-25T07:45:20 [DEBUG]      0 arg: "13201"
2016-01-25T07:45:20 [DEBUG]      1 arg: "127.0.0.1"
2016-01-25T07:45:20 [DEBUG] Phantom - execute: Starting normal mode

phantom stderr: 2016-01-25T07:45:20 [DEBUG] WebPage - setupFrame ""

phantom stderr: 2016-01-25T07:45:20 [DEBUG] FileSystem - _open: ":/modules/fs.js" QMap(("mode", QVariant(QString, "r")))

phantom stderr: 2016-01-25T07:45:20 [DEBUG] FileSystem - _open: ":/modules/system.js" QMap(("mode", QVariant(QString, "r")))

phantom stderr: 2016-01-25T07:45:20 [DEBUG] FileSystem - _open: ":/modules/webpage.js" QMap(("mode", QVariant(QString, "r")))

phantom stdout: NETWORK_ERR: XMLHttpRequest Exception 101: A network error occurred in synchronous requests.

phantom stdout:   phantomjs://code/shim.js:1815 in send
  phantomjs://code/shim.js:1815 in _start
  phantomjs://code/shim.js:1842

allquixotic, Jan 25 '16 07:01
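
An added example, not part of the original thread or the SO-ChatBot code: because the proposed change turns off `webSecurity`, this small Node.js check reads a PhantomJS `--debug=true` configuration dump in the format quoted above and reports settings that differ from a reviewer's baseline. The sample log and the baseline values are constructed for illustration.

```javascript
// Constructed sample in the line format of the --debug=true dump quoted above;
// values mirror a run after the proposed change (webSecurity turned off).
const SAMPLE_LOG = [
  'phantom stderr: 2016-01-25T07:45:20 [DEBUG] Phantom - execute: Configuration',
  '2016-01-25T07:45:20 [DEBUG]      5 ignoreSslErrors : "true"',
  '2016-01-25T07:45:20 [DEBUG]      7 localToRemoteUrlAccessEnabled : "false"',
  '2016-01-25T07:45:20 [DEBUG]      13 webSecurityEnabled : "false"',
  '2016-01-25T07:45:20 [DEBUG]      0 arg: "13201"',
].join('\n');

// Reviewer's baseline (an assumption of this example): the value each
// setting should have, and what a deviation means.
const BASELINE = {
  webSecurityEnabled: ['true', 'cross-origin restrictions are off'],
  ignoreSslErrors: ['false', 'TLS certificate errors are ignored'],
  localToRemoteUrlAccessEnabled: ['false', 'local content may reach remote URLs'],
};

// Extract `<index> <name> : "<value>"` entries; script-argument lines
// ("0 arg: ...") and truncated lines without a closing quote are skipped.
function parseConfig(log) {
  const entry = /\[DEBUG\]\s+\d+\s+(\w+)\s+:\s+"(.*)"\s*$/;
  const config = new Map();
  for (const line of log.split(/\r?\n/)) {
    const m = entry.exec(line);
    if (m) config.set(m[1], m[2]);
  }
  return config;
}

// Compare the parsed settings with the baseline. A setting missing from the
// log is reported too, since an incomplete dump proves nothing.
function audit(config) {
  const findings = [];
  for (const [name, [expected, risk]] of Object.entries(BASELINE)) {
    const actual = config.get(name);
    if (actual === undefined) {
      findings.push({ name, actual: null, note: 'not present in log' });
    } else if (actual !== expected) {
      findings.push({ name, actual, note: risk });
    }
  }
  return findings;
}

for (const f of audit(parseConfig(SAMPLE_LOG))) {
  console.log(`${f.name} = ${JSON.stringify(f.actual)}: ${f.note}`);
}
```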