问题
How to hide ajax requests from firebug console or anything that shows ajax calls ?
回答1:
Make JSONP calls. JSONP calls are not real ajax requests (because they don't use XMLHttpRequest object, and they simply inject a script tag into the DOM). But they won't be shown in Firebug.
回答2:
Please, call this function after ajax success or fail:
$('.result').load('testtemplateboth/testpagetpl');
clearconsole();
function clearconsole() {
console.log(window.console);
if(window.console || window.console.firebug) {
console.clear();
}
}
OR
$('.log').ajaxComplete(function() {
clearconsole();
$(this).text('Triggered ajaxComplete handler.');
});
function clearconsole() {
console.log(window.console);
if(window.console || window.console.firebug) {
console.clear();
}
}
回答3:
As described here (https://getfirebug.com/wiki/index.php/Console_Panel), you can set it in about:config tab, changing the extensions.firebug.showXMLHttpRequests value.
回答4:
Use a binary websocket.
Although some browsers still allow users 'inspect' the contents of websocket packets in some cases, this is generally restricted to text-only websockets and a lot more difficult for binary data... and most definitely will not show up in the console.
This is the approach that Livereload (http://livereload.com/) uses to avoid spamming the console with ajax requests that make using the console for real debugging meaningful.
Obviously as the other posts in this thread have stated you cannot prevent someone from actually catching requests using tools such as Wireshark; but arguably a binary web socket would discourage 90% of the casual tampering that you might get with standard ajax requests.
回答5:
I have tried jQuery but it always used normal ajax calls. According to the docs: requests with "JSONP" or "script" dataType and "GET" type should result "script" transport mode. It works this way:
Client side:
var h = $('head')[0];
var e = document.createElement('SCRIPT');
e.src = "/c.php?getRefresh=1"+("&_="+(+new Date()));
e.onload = function(){
//script from server executed
h.removeChild(e);
}
h.appendChild(e);
Server side:
if(isset($_GET['getRefresh'])){
header("Content-Type: text/javascript");
die("console.log('OK');");
}
回答6:
I don't think you will be able to completely hide calls from any sniffing software due to the fact that some sniffing software packages work on a very low level (so low you can't actually get there from browser / code).
If you want to mask a call (e.g. hide where the call goes) you can send it to a server of your own and then the server can make the call itself (using some masked commands).
Like calling http://myserver.com/doCommand?command=cmd1¶meter1=param1¶meter2=param2
And the server can have the logic that will read the command and parameters, execute them and then report back with the results. Anyway the call between the client (browser) and your server can be caught by the sniffing software.
It is much like a proxy. The client can see what goes to the proxy but it will not know what happens next.
Anyway it feels a bit as if you have a problem with the architecture itself after you are going after masking calls from the caller and not the outer world.
回答7:
Similar to what Saeed was saying with JSONP, you could change the source of an image/file/script "src" attribute. The server will send the request when it changes, thus making it possible to communicate with the server. I haven't tried this but I'm looking at implementing it for something myself.
来源:https://stackoverflow.com/questions/8223319/how-to-hide-ajax-requests-from-firebug-console