Comments (5)
executed code
const main = async () => {
const [axios, { close }] = await sameorigin({
squatURL: "https://blur.io",
})
const { data } = await axios({
// Important! You must declare the baseURL of the API you intend
// to target. This is because it is used to isolate requests you
// intend to hijack for your own purposes.
baseURL: "https://core-api.prod.blur.io/v1",
// GET https://core-api.prod.blur.io/v1/prices
url: "/prices",
method: "get",
})
await close()
console.log(data)
}
main()
from sameorigin.
Hey @aster2709! Looking through the Network tab on my browser, it looks like this API request is no longer executed on the Blur homepage. If sameorigin
cannot find the request to hijack, it won't be able to piggyback future requests on top.
I looked around a little bit and I can see that the API call has been moved to https://blur.io/airdrop
. If you change your squatURL
to this, the request should be detected successfully.
const main = async () => {
const [axios, { close }] = await sameorigin({
squatURL: "https://blur.io/airdrop",
})
const { data } = await axios({
// Important! You must declare the baseURL of the API you intend
// to target. This is because it is used to isolate requests you
// intend to hijack for your own purposes.
baseURL: "https://core-api.prod.blur.io/v1",
// GET https://core-api.prod.blur.io/v1/prices
url: "/prices",
method: "get",
})
await close()
console.log(data)
}
main()
from sameorigin.
hey the /prices
did indeed work ✅
for the rather important routes, I'm not able to make it work
https://core-api.prod.blur.io/v1/collections/azuki
have tried various squatUrls
for eg. https://blur.io/collection
it sometimes works out of the blue like (1 / 10 times prolly)
im guessing these are protected routes. appreciate any info on this ✌️
from sameorigin.
I agree with your interpretation.
As far as I have experimented, you need to be signed in to query the API on other routes.
It should be possible to programmatically login to Blur using the same API functions (since, similar to /prices
, it cannot be protected like the other routes because it must serve unauthenticated users). Very odd to hear that it sometimes randomly works, though.
I recommend manually signing into Blur and watching which API calls which get made in the Network tab; you'll need to replicate these programmatically from your script using sameorigin
in order to access permissioned content on the Blur API.
from sameorigin.
Hey, did you ever manage to get this to work with the protected routes?
from sameorigin.
Related Issues (4)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sameorigin.