导航到游戏客户端中站点的用户从未知站点获取HTML响应

时间:2019-04-06 02:43:31

标签: javascript http nw.js

我有一个使用NW.js构建的HTML5游戏,该游戏向我的网站发出GET请求,以检索静态数据文件file.json,该文件托管在Heroku的www.example.com/file.json上。

我的一个用户可以导航至www.example.com/file.json并正确查看文件,但是当他们打开游戏时,此请求从另一个站点返回HTML。在超过100,000个用户之后,他们是第一个体验此功能的人。

用户获得的HTML响应是这样的:

<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=980,user-scalable=yes,maximum-scale=2.0" />
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<title></title>
<link rel="stylesheet" href="/steal-built/production.css" />

<script src="/js/thirdParty/jquery-1.8.3.min.js"></script>
<script src="/gui/js/jquery-utils.js"></script>
<script src="/gui/js/gui-core.js"></script>
<script src="/gui/js/gui-api.js"></script>

<script src="/js/thirdParty/modernizr.custom.js"></script>
<script src="/js/thirdParty/yepnope.1.5.4-min.js"></script>
<script src="/js/thirdParty/cssua.js"></script>
<script src="/js/thirdParty/moment.js"></script>

<!--noUI slider plugin: http://refreshless.com/nouislider/ -->
<script src="/js/thirdParty/jquery.nouislider.min.js"></script>

<!--jquery sort elements plugin: http://james.padolsey.com/javascript/sorting-elements-with-jquery/ -->
<script src="/js/thirdParty/jquery.sortElements.js"></script>

<!-- datepicker plugin: http://amsul.ca/pickadate.js/ -->
<![if gte IE 9]>
    <script src="/js/thirdParty/pickadate.min.js"></script>
<![endif]>

<!-- datepicker: legacy for older browsers -->
<!--[if lte IE 8]>
    <script src="/js/thirdParty/pickadate.legacy.js"></script>
<![endif]-->
<!-- jQuery plugin for parsing CSV file format: https://code.google.com/p/jquery-csv/ -->
<script src="/js/thirdParty/jquery.csv-0.71.min.js"></script>

<!-- MD5 encryption library -->
<script src="/js/thirdParty/md5.js"></script>

<!--ie polyfill for console.log and related -->
<script src="/js/modemUI/console-polyfill.js"></script>

<script src="/js/thirdParty/dust-full-0.3.0.js"></script>
<script src="/js/thirdParty/dust-helpers-1.1.1.js"></script>
<script src="/js/thirdParty/raphael.js"></script>

<!-- For calculating subnet masks https://github.com/franksrevenge/IPSubnetCalculator -->
<script src="/js/thirdParty/IPSubnetCalculator.js"></script>

</head>
<body>
    <!--div that is used to identify if the user's browser is (likely) a mobile device. Will be hidden by css, then examined with js-->
    <div id="div-is-smartphone"></div>
    <div id="root-view"></div>
    <!-- IE6 specific style here in case javascript disabled -->
    <!--[if lte IE 6]><style type="text/css">#init-screen {position: absolute; height: 480px;}</style><![endif]-->
    <!-- if we have no javascript, hide activity-indicator -->
    <noscript><style type="text/css">#init-screen .activity-indicator{display: none}</style></noscript>
    <div id="init-screen">
        <div class="middle">
            <div class="icon"></div>
            <div class="title"></div>
            <div class="activity-indicator"></div>
            <div class="error-message">
                <noscript>No javascript / Javascript absent</noscript>
            </div>
        </div>
        <div class="logo"></div>
    </div>
    <div id="init-log" style="display: none;">
        <div class="header">
            <span class="close">x</span>
            <span class="title">Initialization Log</span>
        </div>
        <div class="content">
            <table></table>
        </div>
    </div>
    <script src="/steal/steal.production.js?steal-built/production.js"></script>
</body>
</html>

同样,也没有机会从我的网站提供此服务。用户会受到恶意软件的影响吗?他们说他们并没有搞乱Windows中的任何配置文件,但是我对此表示怀疑。我检查了他们的请求标头,一切看起来都很正常。

0 个答案:

没有答案