Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

不转发到 nohost的请求,不需要注入none.html #154

Open
obstrux opened this issue Jul 13, 2022 · 12 comments
Open

不转发到 nohost的请求,不需要注入none.html #154

obstrux opened this issue Jul 13, 2022 · 12 comments

Comments

@obstrux
Copy link

obstrux commented Jul 13, 2022
edited
Loading

某些资源注入script会导致出错,

<script>
  window.__whistle_nohost_from_imweb_is_inited__ = true;
</script>
@avwo
Copy link
Collaborator

avwo commented Jul 13, 2022

为什么注入这个会报错?

@obstrux
Copy link
Author

obstrux commented Jul 15, 2022

为什么注入这个会报错?

有些三方的文件会对script进行检验,就导致出问题,所以就想能不能加一个配置来过滤

@avwo
Copy link
Collaborator

avwo commented Jul 15, 2022

在管理后台的 Whistle 里面配置 路径 whistle.nohost://none 试试

@nozbwang
Copy link

nozbwang commented Aug 22, 2022
edited
Loading

在管理后台的 Whistle 里面配置 路径 whistle.nohost://none 试试

nohost version: 1.5.4

加上whistle.nohost://none之后,还是会添加脚本到html。还有其它的配置可以使用么,?可以不添加任何内容到html里。

目前添加的内容如下:

< !DOCTYPE html >

<script> window.__whistle_nohost_from_imweb_is_inited__ = true; </script>

@nozbwang
Copy link

nozbwang commented Aug 22, 2022
edited
Loading

通过修改响应头的content-type为非text/html,临时规避了这个问题。不知道是不是有其他更优雅的解决办法,期待回复中...

临时解决方案如下:
在管理后台的 Whistle 里面配置:
https://www.**.com/toolBox/code.do?type=2 resType://text

image

备注:
我们的业务场景是传递一个加密码到后台,后台再返回一串解密之后的数字到前台,然后前台保存响应中的数字在页面上。但是响应的的content-type是text/html,也是非常奇葩。

@avwo
Copy link
Collaborator

avwo commented Aug 23, 2022

https://www.**.com/toolBox/code.do?type=2 whistle.nohost://none 不行吗

@zxt5105515
Copy link

遇到了同样的问题,注入none.html后前端校验body过不去,有什么方法吗

@avwo
Copy link
Collaborator

avwo commented Nov 2, 2022

入口规则配 -domain

@zxt5105515
Copy link

zxt5105515 commented Nov 3, 2022
edited
Loading

不行,-domain只是不会注入whistle.nohost/inject.html,仍然会注入whistle.nohost/none.html

入口规则配 -domain

@avwo
Copy link
Collaborator

avwo commented Nov 3, 2022

哪来的 none.html

@zxt5105515
Copy link

哪来的 none.html

-domain域名的响应body开头会添加
< !DOCTYPE html >

<script> window.__whistle_nohost_from_imweb_is_inited__ = true; </script>

搜nohost代码发现是在 https://github.com/Tencent/nohost/blob/master/lib/plugins/whistle.nohost/_rules.txt

@avwo
Copy link
Collaborator

avwo commented Nov 3, 2022

这个是控制客户端插件注入的小圆点不要显示,注入也没问题不影响功能。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@zxt5105515 @obstrux @avwo @nozbwang