Saturday 6 May 2017

cross domain origin security in NWJS

i'm trying to connect to my ISP modem to get some hidden data, so i created an html page with some javascript Inside. i use xmlhttprequest to login to the page, it works but i can't get the cookie which is compulsory to make my requests and to get those hidden data. I read that with NWJS i can bypass the CORS limitations...but i don't know what i'm doing wrong... i'm actualy using the latest SDK NWJS 0.22.1

Here is my package.json:

{
 "main": "index.html",
 "name": "Liveboxinfos",
 "description": "test app",
 "version": "1.0.0",
 "nodejs": true,
 "node-remote": "http://192.168.1.1/*",
 "permissions": ["*://*/*"],
 "chromium-args": "--disable-web-security --user-data-dir",
 "window": {
 "title": "node-webkit demo",
 "icon": "link.png",
 "toolbar": true,
 "frame": true,
 "width": 1200,
 "height": 600,
 "position": "center",
 "min_width": 600,
 "min_height": 400,
 "max_width": 1200,
 "max_height": 600
 }
}

And here is the javascript part of my index.html :

var ip = "192.168.1.1";
var password = "password";

var HTTP = new XMLHttpRequest();
var url = "http://" + ip;
var params = '{"service":"sah.Device.Information","method":"createContext","parameters":{"applicationName":"so_sdkut","username":"admin","password":"' + password + '"}}';

HTTP.open("POST", url, false);
HTTP.setRequestHeader("Content-Type", "application/x-sah-ws-4-call+json");
HTTP.setRequestHeader("Authorization", "X-Sah-Login");
HTTP.withCredentials = true;
HTTP.onreadystatechange = function() {//Call a function when the state changes.
    if(HTTP.readyState == 4 && HTTP.status == 200) {
        //alert(HTTP.responseText);
    }
}

HTTP.send(params);

const regex = /contextID":"(.*?)"/;
const Received = HTTP.responseText;
const cookie = HTTP.getResponseHeader("set-cookie");

Here is my test application, you can see that cookie = null... application nwjs test



via Speedy Gonzalez

No comments:

Post a Comment