Menu
It would make my life a lot easier if I could use cross domain AJAX-Requests. Now I've stumbled upon the --web-security option. The documentation states that when turned off cross-domain XHR is possible.
--web-security=[true|false] enables web security and forbids cross-domain XHR
(default is true). Also accepted: [yes|no].
Although this is exactly what I was searching for, I am worried that there might be further security meassures turned off when set to false.
tl;dr:
Is this option only turning cross-domain XHR on/off or is it affecting more? And if so: what exactly?
896
PhantomJS just passes the option on to webkit, and having just poked around the source the only place it is used is here:
https://github.com/adobe/webkit/blob/044126629b2e175119722f58a0098220e0aa0b33/Source/WebCore/dom/Document.cpp#L4557
So, it (--web-security=no) is only used for granting access to all origins, and thus only for allowing cross-domain XHR.
95
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
