Skip to content

Commit

Permalink
Disable web-security (fixes headless with PhantomJS 2.1.1)
Browse files Browse the repository at this point in the history 
PhantomJS 2.1.1 is now properly respecting cross-origin strictness with web-security set to true (the default). To maintain support for the way the bot is architected, we have to tell PhantomJS it's okay to do cross-origin stuff. We trust chat.SE/SO and the bot script, right? :)

NB: PhantomJS 2.0 *erroneously* allowed our cross-origin stuff to run just fine with web-security enabled. This was actually a security vulnerability of sorts in PhantomJS. So we're just regressing our "security level" to where we used to be, not actually making it any worse.
  • Loading branch information
@allquixotic
allquixotic committed Jan 25, 2016
1 parent eb986fd commit 0bdf497
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion run-headless.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ var Nightmare = require('nightmare'),
readline = require('readline');

var hound = new Nightmare({
cookiesFile: 'cookies.jar'
cookiesFile: 'cookies.jar',
webSecurity: false
});

var config = require('./run-headless.config.json');
Expand Down

0 comments on commit 0bdf497

Please sign in to comment.