另一种在没有 API 的情况下在 iframe 标签中打开 instagram 的方法
最佳答案
您始终可以通过以下方法检查 IFrame 中是否允许特定 Origin 的任何 url(example.com):
function isAllowededByXFrameOption({ header, origin }) {
if (header["X-Frame-Options".toLowerCase()]) {
let options = header["X-Frame-Options".toLowerCase()].toLowerCase();
if (options === "SAMEORIGIN".toLowerCase()) {
return false;
} else if (options === "DENY".toLowerCase()) {
return false;
} else if (~options.indexOf("ALLOW-FROM".toLowerCase())) {
let allowedOrigins = options.split(" ").slice(1);
return allowedOrigins.find(
_o => url.parse(_o).host === url.parse(origin).host
);
}
}
if (header["Content-Security-Policy".toLowerCase()]) {
let _options = header["Content-Security-Policy".toLowerCase()];
let CheckOriginInSource = source_name => {
_options = _options.split(";");
_options = _options.find(_o => _o.indexOf(source_name) > -1);
_options = _options.split(" ").slice(1);
return _options.find(_o => url.parse(_o).host === url.parse(origin).host);
};
if (_options.indexOf("frame-src") > -1) {
return CheckOriginInSource("frame-src");
} else if (_options.indexOf("child-src")) {
return CheckOriginInSource("child-src");
} else if (_options.indexOf("default-src")) {
return CheckOriginInSource("default-src");
} else {
return true;
}
} else {
return true;
}
}
const got = require("got");
const metascraper = require("metascraper")([
require("metascraper-author")(),
require("metascraper-date")(),
require("metascraper-description")(),
require("metascraper-image")(),
require("metascraper-logo")(),
require("metascraper-clearbit-logo")(),
require("metascraper-publisher")(),
require("metascraper-title")(),
require("metascraper-url")()
]);
const Domain = "example.com";
(async () => {
const { body: html, url, headers } = await got(Domain);
const metadata = await metascraper({ html, url });
const isAllowed = isAllowededByXFrameOption({
header: headers,
origin: "www.app4pc.com"
})
})();
关于javascript - 可以在没有 API 的情况下在 iframe 中打开 instagram,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58455901/