What exactly disables the phantomjs option "--web-security = false"?

Question

What exactly disables the phantomjs option "--web-security = false"?

It will make my life easier if I can use the cross-domain AJAX-Requests. Now I came across the option --web-security . The documentation states that when disconnecting, the use of cross-domain XHR is possible.

 --web-security=[true|false] enables web security and forbids cross-domain XHR (default is true). Also accepted: [yes|no].

Although this is exactly what I was looking for, I am concerned that after setting the value false, security measures may be disabled.

TL; DR:

Is this setting only on / off cross-domain XHR or does it affect more? And if so: what exactly?

+7

security phantomjs

Senad Feb 06 '14 at 18:49

source share

1 answer

Darren cook · Accepted Answer · 2014-02-07T09:42:57+0000

PhantomJS simply passes the option to webkit, and, having just pushed the source, the only place it is used is here:

https://github.com/adobe/webkit/blob/044126629b2e175119722f58a0098220e0aa0b33/Source/WebCore/dom/Document.cpp#L4557

So, it ( --web-security=no ) is used only to provide access to all sources and, therefore, only to allow cross-domain XHR.

What exactly disables the phantomjs option "--web-security = false"?

More articles: