jQuery .get for non https, in a userscript

问题

I made a script on my website that accesses a table on a different website. However, the other website is HTTP so chrome is telling me "This request has been blocked; the content must be served over HTTPS."

$.get('http://www.kanjidamage.com/kanji', null, function searchKD () { /*function*/ });

So what I'm asking is: how can I access elements on a different website even if it's not HTTPS.

回答1:

You have this tagged as tampermonkey. If that is the case, use it.

Tampermonkey allows one to bypass "mixed active content" restrictions by using GM_xmlhttpRequestDoc.

So this complete Greasemonkey/Tampermonkey script works fine:

// ==UserScript==
// @name     _Mixed content AJAX
// @match    https://stackoverflow.com/questions/44620859/*
// @require  http://ajax.googleapis.com/ajax/libs/jquery/2.1.0/jquery.min.js
// @grant    GM_xmlhttpRequest
// @connect  kanjidamage.com
// ==/UserScript==

GM_xmlhttpRequest ( {
    method: "GET",
    url: "http://www.kanjidamage.com/kanji",
    onload: function (response) {
        console.log (response.responseText);
    }
} );

回答2:

You either need to build a proxy, something server side that will get the remote content, and return it, or connect over https.

In PHP (For example), you could create a simple "kanji.php":

<?php

echo file_get_contents('http://www.kanjidamage.com/kanji');

?>

My suggestion:

Just download the page, strip the content you don't need (Like the header/footer), and then serve it locally. It seems like a simple enough page.

回答3:

Yeah, both sites must use https, or else it defeats the purpose. Some content is encrypted & some is not. You could potentially send information that should be secured like a credit card number to an unsecured source.

If you have access to your server code. You can make a route that makes the request to the unsecured http domain. This way all your frontend requests point to the same domain, and the browser is happy as all requests are https.

回答4:

you can try this :

$.get('//www.kanjidamage.com/kanji', null, function searchKD () { /*function*/ });

来源：https://stackoverflow.com/questions/44620859/jquery-get-for-non-https-in-a-userscript