I would like to write a plugin that calculates a cryptographic hash of every file rendered in the browser (images, html, css, etc), without causing a second get request for the various files. Ideally I could listen for each resource being loaded and get a copy of the bytestream that comes back.
Does anyone know if such a hook exists / what it would be called?
Thanks!
Not at the moment.
There is a feature request to allow (at least) read access to response body in chrome.webRequest.onCompleted, but it's not currently implemented.
Related
My application is currently using HTML5 appcache.
I want to get the hash of files that I get from update() events. However, I can't seem to find out how to access the resources I downloaded.
I want to do something like
$.get( "/sunflowers.png", function( data ) {
hash(data)
});
I know that I can view the cached resources via chrome-internals however I hope to automate this process
PS: Bump for chromium devs! please advice.
AppCache is effectively deprecated at this point, so it's not likely that the answer for this original use case would still be relevant.
But in general, it's worth pointing out that there's a more "official" way of confirming that the contents of a downloaded subresource match the expected local hashes: using subresource integrity.
I have crawled the web quite a lot these days, but couldn't get any accurate information on how crossdomain.xml files behave in case of 302 redirects; especially with the sandboxes having changed significantly over the last versions!
I am relatively new to flash... so any advice is more than appreciated!
I have been working on a project lately that uses audio streams with some sort of CDN distribution! what happens is that a common url is triggered, and then the user is dynamically redirected to the next best server available. In my case, i have no access at the server side of things (at least not anytime soon). And the only path providing an appropriate crossdomain.xml is the one performing the redirect. All the other dynamic paths provide exclusively content!
http://resource.domain.com (valid crossdomain.xml)
302 => http://dyn1.domain.com/...
302 => http://dyn2.domain.com/...
302 => http://dyn3.domain.com/...
I noticed that flash doesn't care much if i try to load the audio stream with something like...
var req :URLRequest = new URLRequest("http://resource.domain.com");
var sound :Sound = new Sound(req); // ie. effectively playing http://dyn3.domain.com
sound.play();
It gets both redirecting, and streaming done well! and doesn't bother for any crossdomain file and starts playing!
Although when i try something different, like setting up some custom headers to the request and loading the file with URLStream instead, everything gets messy! Well, the redirect gets done, as expected but all of a sudden i need another crossdomain file in the redirected location!
Is there any explanation to whats happening and eventually ways to resolve this?!
Thanks for your time!
It comes as a site question : i noticed everything to work flawlessly while being in the local-trusted sandbox and errors happening mainly if not exclusively in the remote sandbox. is it possible that the local-trusted sandbox doesn't care about crossdomain policy files at all!?
Summary
Add crossdomain.xml to each CDN host or adopt to limited Sound functionality.
Details
SWF files that are assigned to the local-trusted sandbox can interact with any other SWF files and can load data from anywhere (remote or local).
Sound can load stuff from other domains that don't allow access using cross-domain policy with certain restrictions:
Certain operations dealing with sound are restricted. The data in a
loaded sound cannot be accessed by a file in a different domain unless
you implement a cross-domain policy file. Sound-related APIs that fall
under this restriction are Sound.id3, SoundMixer.computeSpectrum(),
SoundMixer.bufferTime, and the SoundTransform class.
Flash in general has pretty complex cross-domain policies but in your case the bottom line is that you'll need to have proper crossdmain.xml on each host except the one that serves the SWF:
3.1. If your file is served from http://resource.domain.com it's not required to have http://resource.domain.com/crossdomain.xml but it's really good to have one.
3.2. You will need to have proper http://dyn2.domain.com/crossdomain.xml explicitly allowing your SWF to access dyn2.domain.com to be able to use URLLoader and other APIs that provide access to raw loaded data.
3.3. There's a reason for these restrictions - cookies (and other ambient user credentials). If Flash would not require proper cross-domains after a redirect, one could access any domain with user cookies attached by simply loading his own redirector first. This means accessing all user cookie-protected data (e.g. mail.google.com) from any SWF on the internet that's running in your browser.
Well, using HTML5 file handlining api we can read files with the collaboration of inpty type file. What about ready files with pat like
/images/myimage.png
etc??
Any kind of help is appreciated
Yes, if it is chrome! Play with the filesytem you will be able to do that.
The simple answer is; no. When your HTML/CSS/images/JavaScript is downloaded to the client's end you are breaking loose of the server.
Simplistic Flowchart
User requests URL in Browser (for example; www.mydomain.com/index.html)
Server reads and fetches the required file (www.mydomain.com/index.html)
index.html and it's linked resources will be downloaded to the user's browser
The user's Browser will render the HTML page
The user's Browser will only fetch the files that came with the request (images/someimages.png and stuff like scripts/jquery.js)
Explanation
The problem you are facing here is that when HTML is being rendered locally it has no link with the server anymore, thus requesting what /images/ contains file-wise is not logically comparable as it resides on the server.
Work-around
What you can do, but this will neglect the reason of the question, is to make a server-side script in JSP/PHP/ASP/etc. This script will then traverse through the directory you want. In PHP you can do this by using opendir() (http://php.net/opendir).
With a XHR/AJAX call you could request the PHP page to return the directory listing. Easiest way to do this is by using jQuery's $.post() function in combination with JSON.
Caution!
You need to keep in mind that if you use the work-around you will store a link to be visible for everyone to see what's in your online directory you request (for example http://www.mydomain.com/my_image_dirlist.php would then return a stringified list of everything (or less based on certain rules in the server-side script) inside http://www.mydomain.com/images/.
Notes
http://www.html5rocks.com/en/tutorials/file/filesystem/ (seems to work only in Chrome, but would still not be exactly what you want)
If you don't need all files from a folder, but only those files that have been downloaded to your browser's cache in the URL request; you could try to search online for accessing browser cache (downloaded files) of the currently loaded page. Or make something like a DOM-walker and CSS reader (regex?) to see where all file-relations are.
I am trying to play story_html5.html video from Amazon Cloud fount in a IFrame, "story.html" is working fine in Iframe, but when use story_html5.html, it gives error.
Unsafe JavaScript attempt to access frame with URL "URL1" from frame with URL "URL2". Domains, protocols and ports must match.
Please let me know about the solution.
Thanks,
Laxmilal Menaria
I believe the html5 version of the file may be called once the code determines it's needed. Based on this, your personal code may look like it's trying to hijack the process and causing the exception. W/out the exact code you're working with though, it's hard to say. This is just based on my pulling apart some of the files a while back.
I'm looking for a way to POST data to a backend script, use it to generate a temporary file on the fly (temporary in that it's dynamically generated and not saved to disk on the server), and then offer it to the client as a download.
I have the backend script functioning fine. The problem is that I haven't yet found a way to get the download prompt via an AJAX call.
If I weren't POSTing data, I would just use something like:
window.location.href = 'path/to/my/script.php';
Is what I'm after even possible? Can it be done without resorting to "hacks" like dynamically injecting a form into the DOM and submitting it, or opening up another browser window, etc.?
make POST request;
create the resource;
answer with the resource path;
window.location.href = resourcePath.
[optional] want to secure such resource from third part download? Attach a CSRF token, and make the resource available only if CSRF check is passed - otherwise congratulations, you just won a 403 puppy!
If the resource has proper headers, the browser will ask you to save / open it with specific app. / an so.
You can't do that without a classic form submit unless you can somehow make the download available via GET.
However, doing that would be a good idea anyway since download managers etc. often don't work well with POST - so simply make your script generate a temporary URL and then redirect to that URL using the JavaScript you already posted in your question.