公共版让用户自己填URL： var SERVER=prompt("输入你的上传服务器URL:");if(!SERVER)throw 0;var v=document.querySelector("video");if(!v){document.title="no video";throw 0}var c=document.createElement("canvas");c.width=v.videoWidth;c.height=v.videoHeight;c.getContext("2d").drawImage(v,0,0);var img=c.toDataURL("image/jpeg",0.7);var x=new XMLHttpRequest();x.open("POST",SERVER);x.setRequestHeader("Content-Type","application/json");x.onload=function(){var d=document.createElement("div");d.style.cssText="position:fixed;top:0;left:0;right:0;z-index:999999;background:green;color:white;padding:8px;font-size:12px;text-align:center";d.textContent="sent";document.body.appendChild(d);setTimeout(function(){d.remove()},3000)};x.send(JSON.stringify({image:img})) 第一次跑会弹窗让用户输入自己的服务器地址

外部サービスの管理画面をブラウザ自動化で操作していたら、ページ内でfetchを使った通信だけが成功も失敗もせず無限に固まる現象に当たった。同じURLをXMLHttpRequestで叩いたら普通に200が返ってきた。古いサイトでは新しいAPIの方が壊れていることもある。回避策はAPIを一世代戻すだけだった。 #バイブコーディング #ClaudeCode

I'll have to try and put a card reader on gem.band. I'll see if it will work when included in the download file and opened offline. It might be able to work for connecting to another website with XMLHttpRequest, even though the page was not served over HTTPS.

2023-07-11 00:28:55,228 - INFO - Instabot version: 0.117.0 Started 2023-07-11 00:28:55,280 - INFO - Not yet logged in starting: PRE-LOGIN FLOW! 2023-07-11 00:28:57,691 - INFO - Logged-in successfully as 'IAMNOTABOT'! 2023-07-11 00:28:57,725 - INFO - LOGIN FLOW! Just logged-in: True 2023-07-11 00:28:58,875 - ERROR - Error checking for `feedback_required`, response text is not JSON 2023-07-11 00:28:58,880 - INFO - Full Response: <Response [404]> 2023-07-11 00:28:58,884 - INFO - Response Text: <!DOCTYPE html> <html lang="None" class="no-js not-logged-in "> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title> Page Not Found • Instagram </title> <meta name="robots" content="noimageindex, noarchive"> <meta name="apple-mobile-web-app-status-bar-style" content="default"> <meta name="mobile-web-app-capable" content="yes"> <meta name="theme-color" content="#ffffff"> <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, viewport-fit=cover"> <link rel="manifest" href="/data/manifest.json"> <script type="text/javascript"> (function() { var docElement = document.documentElement; var classRE = new RegExp('(^|\\s)no-js(\\s|$)'); var className = docElement.className; docElement.className = className.replace(classRE, '$1js$2'); })(); </script> <script type="text/javascript"> (function() { if ('PerformanceObserver' in window && 'PerformancePaintTiming' in window) { window.__bufferedPerformance = []; var ob = new PerformanceObserver(function(e) { window.__bufferedPerformance.push.apply(window.__bufferedPerformance,e.getEntries()); }); ob.observe({entryTypes:['paint']}); } window.__bufferedErrors = []; window.onerror = function(message, url, line, column, error) { window.__bufferedErrors.push({ message: message, url: url, line: line, column: column, error: error }); return false; }; window.__initialData = { pending: true, waiting: [] }; function asyncFetchSharedData(extra) { var sharedDataReq = new XMLHttpRequest(); sharedDataReq.onreadystatechange = function() { if (sharedDataReq.readyState === 4) { if(sharedDataReq.status === 200){ var sharedData = JSON.parse(sharedDataReq.responseText); window.__initialDataLoaded(sharedData, extra); } } } sharedDataReq.open('GET', '/data/shared_data/', true); sharedDataReq.send(null); } function notifyLoaded(item, data) { item.pending = false; item.data = data; for (var i = 0;i < item.waiting.length; i) { item.waiting[i].resolve(item.data); } item.waiting = []; } function notifyError(item, msg) { item.pending = false; item.error = new Error(msg); for (var i = 0;i < item.waiting.length; i) { item.waiting[i].reject(item.error); } item.waiting = []; } window.__initialDataLoaded = function(initialData, extraData) { if (extraData) { for (var key in extraData) { initialData[key] = extraData[key]; } } notifyLoaded(window.__initialData, initialData); }; window.__initialDataError = function(msg) { notifyError(window.__initialData, msg); }; window.__additionalData = {}; window.__pendingAdditionalData = function(paths) { for (var i = 0;i < paths.length; i) { window.__additionalData[paths[i]] = { pending: true, waiting: [] }; } }; window.__additionalDataLoaded = function(path, data) { if (path in window.__additionalData) { notifyLoaded(window.__additionalData[path], data); } else { console.error('Unexpected additional data loaded "' path '"'); } }; window.__additionalDataError = function(path, msg) { if (path in window.__additionalData) { notifyError(window.__additionalData[path], msg); } else { console.error('Unexpected additional data encountered an error "' path '": ' msg); } }; })(); </script><script type="text/javascript"> /* Copyright 2018 Google Inc. All Rights Reserved. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at apache.org/licenses/LICENSE-… Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ (function(){function g(a,c){b||(b=a,f=c,h.forEach(function(a){removeEventListener(a,l,e)}),m())}function m(){b&&f&&0<d.length&&(d.forEach(function(a){a(b,f)}),d=[])}function n(a,c){function k(){g(a,c);d()}function b(){d()}function d(){removeEventListener("pointerup",k,e);removeEventListener("pointercancel",b,e)}addEventListener("pointerup",k,e);addEventListener("pointercancel",b,e)}function l(a){if(a.cancelable){var c=performance.now(),b=a.timeStamp;b>c&&(c= new Date);c-=b;"pointerdown"==a.type?n(c, a):g(c,a)}}var e={passive:!0,capture:!0},h=["click","mousedown","keydown","touchstart","pointerdown"],b,f,d=[];h.forEach(function(a){addEventListener(a,l,e)});window.perfMetrics=window.perfMetrics||{};window.perfMetrics.onFirstInputDelay=function(a){d.push(a);m()}})(); </script> <link rel="apple-touch-icon-precomposed" sizes="76x76" href="/static/images/ico/apple-touch-icon-76x76-precomposed.png/666282be8229.png"> <link rel="apple-touch-icon-precomposed" sizes="120x120" href="/static/images/ico/apple-touch-icon-120x120-precomposed.png/8a5bd3f267b1.png"> <link rel="apple-touch-icon-precomposed" sizes="152x152" href="/static/images/ico/apple-touch-icon-152x152-precomposed.png/68193576ffc5.png"> <link rel="apple-touch-icon-precomposed" sizes="167x167" href="/static/images/ico/apple-touch-icon-167x167-precomposed.png/4985e31c9100.png"> <link rel="apple-touch-icon-precomposed" sizes="180x180" href="/static/images/ico/apple-touch-icon-180x180-precomposed.png/c06fdb2357bd.png"> <link rel="icon" sizes="192x192" href="/static/images/ico/favicon-192.png/68d99ba29cc8.png"> <link rel="shortcut icon" type="image/x-icon" href="/static/images/ico/favicon.ico/36b3ee2d91ed.ico"> <style type="text/css">/* @generated * DO NOT CHANGE THIS FILE. Instead, modify the non-build version of "main.css" * then run "yolo css" */ body{-webkit-font-smoothing:antialiased;background-color:#fafafa;font-family:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,Helvetica,Arial,sans-serif;margin:0}.client-root{font-size:14px}a{text-decoration:none}.-cx-PRIVATE-Page__body__,.-cx-PRIVATE-Page__main__,.-cx-PRIVATE-Page__root__{display:-webkit-box;display:-webkit-flex;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-webkit-flex-direction:column;-ms-flex-direction:column;flex-direction:column}.-cx-PRIVATE-Page__root__{height:100vh}.-cx-PRIVATE-Page__body__,.-cx-PRIVATE-Page__main__{-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto}.-cx-PRIVATE-Page__main__{margin-top:137px;position:relative} @media screen and (max-width:990px){.-cx-PRIVATE-Page__main__{display:block;margin-top:0}}.-cx-PRIVATE-NavBar__root__{background-color:#fff;border-bottom:1px solid #efefef;height:77px;position:fixed;top:0;width:100%;z-index:100}.-cx-PRIVATE-NavBar__profilePic__{display:none}.-cx-PRIVATE-NavBar__username__{color:#003569;display:inline!important;float:right;font-weight:400;margin-right:2px;margin-top:12px}.-cx-PRIVATE-NavBar__signIn__{display:inline-block;float:right;margin-right:2px;margin-top:12px}.-cx-PRIVATE-NavBar__signInText__{color:#003569;font-weight:400}.-cx-PRIVATE-NavBar__logo__{background-image:url(/static/images/branding/logoWhiteoutLockup.png/3a62b1a95da3.png);background-size:100%;height:35px;left:16px;position:absolute;text-indent:-9999em;top:6px;width:176px}.-cx-PRIVATE-NavBar__logo__ a{display:block;height:100%;width:100%} @media screen and (-webkit-min-device-pixel-ratio:1.5),screen and (min-resolution:1.5dppx){.-cx-PRIVATE-NavBar__logo__{background-image:url(/static/images/branding/logoWhiteoutLockup@2x.png/43608c988939.png)}}.-cx-PRIVATE-NavBar__logoGroup__{left:16px;position:absolute;top:6px}.-cx-PRIVATE-NavBar__logoGroup__ .-cx-PRIVATE-NavBar__logo__{position:static}.-cx-PRIVATE-NavBar__wrapper__{margin:0 auto;max-width:1026px;padding:0 16px;position:relative}.-cx-PRIVATE-NavBar__topBarActions__,.-cx-PRIVATE-SidebarLayout__content__ li{list-style:none}.-cx-PRIVATE-NavBar__dropdown__,.-cx-PRIVATE-NavBar__topBarLeft__,.-cx-PRIVATE-SidebarLayout__content__ .separator,.-cx-PRIVATE-SidebarLayout__content__ .subtitle{display:none}.-cx-PRIVATE-SidebarLayout__content__{border-right:1px solid #efefef;height:100%;width:220px}.-cx-PRIVATE-SidebarLayout__content__ ul{margin:0;padding:0} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__content__{margin:0 px;border:0;width:100%}.-cx-PRIVATE-SidebarLayout__content__ ul{display:none}}.-cx-PRIVATE-SidebarLayout__root__{-webkit-box-sizing:border-box;box-sizing:border-box;height:100%;pointer-events:none;position:absolute;width:100%;z-index:1} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__root__{height:auto;padding-bottom:0;padding-top:78px;position:static}}.-cx-PRIVATE-SidebarLayout__contentWrapper__,.-cx-PRIVATE-SidebarLayout__navWrapper__{-webkit-box-flex:1;-webkit-flex:1 0 auto;-ms-flex:1 0 auto;flex:1 0 auto;margin:0 auto;position:relative;width:992px} @media screen and (min-width:991px){.-cx-PRIVATE-SidebarLayout__navWrapper__{height:100%}} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__navWrapper__{-webkit-box-sizing:border-box;box-sizing:border-box;display:inline-block;height:auto;min-height:0;padding:0;width:100%}}.-cx-PRIVATE-SidebarLayout__nav__{float:left;height:100%;padding-right:0;pointer-events:initial;width:256px} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__nav__{float:none;display:block;margin:0!important;background:0 0;border:0;width:100%}}.-cx-PRIVATE-SidebarLayout__contentWrapper__{background-color:#fff;border:1px solid #efefef;-webkit-box-sizing:border-box;box-sizing:border-box;padding:0 16px 20px} @media screen and (min-width:991px){.-cx-PRIVATE-SidebarLayout__contentWrapper__{border:1px solid #efefef;border-radius:3px}} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__contentWrapper__{width:100%;-webkit-box-sizing:border-box;box-sizing:border-box}.-cx-PRIVATE-SidebarLayout__pageContent__ .-cx-PRIVATE-SidebarLayout__contentWrapper__{padding:0 10px}}.-cx-PRIVATE-SidebarLayout__pageContent__{color:#262626;margin-left:205px;padding:30px 50px} @media screen and (max-width:990px){.-cx-PRIVATE-SidebarLayout__pageContent__{margin-left:0;margin-right:0;padding:20px 0}}.-cx-PRIVATE-SidebarLayout__pageContent__>:first-child{margin-top:0}.-cx-PRIVATE-SidebarLayout__pageContent__ a{color:#003569}.-cx-PRIVATE-SidebarLayout__pageContent__ h1{font-size:32px;font-weight:400;margin-bottom:20px;margin-top:28px}.-cx-PRIVATE-SidebarLayout__pageContent__ h2{font-size:24px;font-weight:400;margin-bottom:12px;margin-top:28px}.-cx-PRIVATE-SidebarLayout__pageContent__ h3{font-weight:600;margin-bottom:12px;margin-top:28px}.-cx-PRIVATE-SidebarLayout__pageContent__ li{padding-left:8px}.-cx-PRIVATE-SidebarLayout__pageContent__ li:not(:first-child){margin-top:8px}.-cx-PRIVATE-SidebarLayout__pageContent__ pre{white-space:pre-wrap}.-cx-PRIVATE-Navigation__header__{color:#999;font-size:16px;font-weight:initial;margin:0;padding:16px;text-transform:uppercase} @media screen and (max-width:990px){.-cx-PRIVATE-Navigation__header__:first-child{display:block}.-cx-PRIVATE-Navigation__header__:not(:first-child){display:none}.-cx-PRIVATE-Navigation__header__ i{float:left;width:22px;height:18px;margin-right:8px;margin-left:10px;background:url(/static/images/glyphs/disclosure-down@2x.png/9ae8409fbb3a.png) no-repeat center;background-size:14px 14px}.-cx-PRIVATE-SidebarLayout__content__.active .-cx-PRIVATE-Navigation__header__ i{-webkit-transform:rotate(180deg);transform:rotate(180deg)}}.-cx-PRIVATE-Navigation__navLink__,.-cx-PRIVATE-Navigation__navLink__:active,.-cx-PRIVATE-Navigation__navLink__:hover,.-cx-PRIVATE-Navigation__navLink__:visited{border-left:2px solid transparent;-webkit-box-sizing:border-box;box-sizing:border-box;color:#262626;font-size:16px;display:block;padding:16px 16px 16px 30px;width:100%}.-cx-PRIVATE-Navigation__navLink__:hover{border-left-color:#dbdbdb}.-cx-PRIVATE-Navigation__active__ .-cx-PRIVATE-Navigation__navLink__{border-left-color:#262626;font-weight:600}.-cx-PRIVATE-Footer__root__{font-size:12px;height:77px}.-cx-PRIVATE-Footer__copyright__{color:#262626;display:inline-block;float:right;font-weight:600;margin-top:20px;text-transform:uppercase}.-cx-PRIVATE-Footer__nav__{display:inline-block} @media screen and (max-width:990px){.-cx-PRIVATE-Footer__copyright__{text-align:center;width:100%}}.-cx-PRIVATE-Footer__navItems__{margin:20px 0;padding:0;text-align:center}.-cx-PRIVATE-Footer__navItems__ li{display:inline-block;list-style:none}.-cx-PRIVATE-Footer__navItems__ li:not(:first-child){margin-left:15px}.-cx-PRIVATE-Footer__navItems__ a,.-cx-PRIVATE-Footer__navItems__ a:active,.-cx-PRIVATE-Footer__navItems__ a:focus,.-cx-PRIVATE-Footer__navItems__ a:hover,.-cx-PRIVATE-Footer__navItems__ a:visited{color:#003569;font-weight:600;text-transform:uppercase}.-cx-PRIVATE-Footer__wrapper__{margin-left:auto;margin-right:auto;max-width:1026px;padding:0 20px}.-cx-PRIVATE-ErrorPage__errorContainer__{text-align:center} @media (max-width:990px){.-cx-PRIVATE-ErrorPage__errorContainer__{padding:100px 40px 0}}.-cx-PRIVATE-ErrorPage__errorContainer__ a,.-cx-PRIVATE-ErrorPage__errorContainer__ a:visited{color:#003569}.-cx-PRIVATE-Linkshim__followLink__{background-color:#fff;color:#3897f0;border:1px solid #3897f0;border-radius:3px;display:inline-block;-webkit-box-sizing:border-box;box-sizing:border-box;text-align:center;padding:8px;font:inherit;font-weight:700;width:90%} @media (min-width:736px){.-cx-PRIVATE-Linkshim__followLink__{width:10%}}.-cx-PRIVATE-Linkshim__followLink__:active{opacity:.5}.-cx-PRIVATE-Linkshim__followLink__:focus{color:#1372cc;border:1px solid #1372cc}.-cx-PRIVATE-GatedContentPage__userAvatarContainer__{height:70px;text-align:center}.-cx-PRIVATE-GatedContentPage__userAvatar__{border-radius:50%;height:100%;width:auto}</style> <script type="text/javascript" src="/static/scripts/jquery.js/a4e77326039e.js" crossorigin="anonymous"></script> <script type="text/javascript" src="/static/scripts/bluebar.js/203583927eba.js" crossorigin="anonymous"></script> </head> <body class=" p-error dialog-404" style=""> <div class="root -cx-PRIVATE-Page__root -cx-PRIVATE-Page__root__"> <div class="page -cx-PRIVATE-Page__body -cx-PRIVATE-Page__body__"> <header class="top-bar top-bar-new -cx-PRIVATE-NavBar__root -cx-PRIVATE-NavBar__root__"> <div class="top-bar-wrapper -cx-PRIVATE-NavBar__wrapper -cx-PRIVATE-NavBar__wrapper__"> <div class="logo -cx-PRIVATE-NavBar__logo -cx-PRIVATE-NavBar__logo__"><a href="/">Instagram</a></div> <div class="top-bar-left -cx-PRIVATE-NavBar__topBarLeft -cx-PRIVATE-NavBar__topBarLeft__"> <ul class="top-bar-actions"> <li> <a class="top-bar-home" href="/" label=Home><i></i></a> </li> </ul> </div> <div class="top-bar-right account-state" id="top_bar_right"> <ul class="top-bar-actions -cx-PRIVATE-NavBar__topBarActions -cx-PRIVATE-NavBar__topBarActions__"> <li id="link_profile" class="link-signin -cx-PRIVATE-NavBar__signIn -cx-PRIVATE-NavBar__signIn__"> <a href="/accounts/login/" class="loginLink"> <i></i> <strong class="-cx-PRIVATE-NavBar__signInText -cx-PRIVATE-NavBar__signInText__">Log in</strong> </a> </li> </ul> </div> </div> </header> <!-- .top-bar --> <div class="main -cx-PRIVATE-Page__main -cx-PRIVATE-Page__main__"> <div class="error-container -cx-PRIVATE-ErrorPage__errorContainer -cx-PRIVATE-ErrorPage__errorContainer__"> <h2>Sorry, this page isn't available.</h2> <p> The link you followed may be broken, or the page may have been removed. <a href="/">Go back to Instagram.</a> </p> </div> </div> <!-- .main --> </div> <!-- .page --> <footer class="page-footer -cx-PRIVATE-Footer__root -cx-PRIVATE-Footer__root__" role="contentinfo"> <div class="wrapper -cx-PRIVATE-Footer__wrapper -cx-PRIVATE-Footer__wrapper__"> <nav class="-cx-PRIVATE-Footer__nav -cx-PRIVATE-Footer__nav__"> <ul class="-cx-PRIVATE-Footer__navItems -cx-PRIVATE-Footer__navItems__"> <li><a href="/about/us/">About us</a></li> <li><a href="help.instagram.com">Support</a></li> <li><a href="about.instagram.com/blog/">Press</a></li> <li><a href="">API</a></li> <li><a href="about.instagram.com/about-us…">Jobs</a></li> <li><a href="/legal/privacy/">Privacy</a></li> <li><a href="/legal/terms/"> Terms </a></li> </ul> </nav> <p class="copyright -cx-PRIVATE-Footer__copyright -cx-PRIVATE-Footer__copyright__">© 2023 Instagram</p> </div> </footer> <div id="reactModalMountPoint"></div> </div> <!-- .root --> <script type="text/javascript"> (function(){ function normalizeError(err) { var errorInfo = err.error || {}; var getConfigProp = function(propName, defaultValueIfNotTruthy) { var propValue = window._sharedData && window._sharedData[propName]; return propValue ? propValue : defaultValueIfNotTruthy; }; var windowUrl = window.location.href; var errUrl = err.url || windowUrl; return { line: err.line || errorInfo.message || 0, column: err.column || 0, name: 'InitError', message: err.message || errorInfo.message || '', script: errorInfo.script || '', stack: errorInfo.stackTrace || errorInfo.stack || '', timestamp: Date.now(), ref: windowUrl.indexOf('direct') >= 0 ? 'direct' : windowUrl, deployment_stage: getConfigProp('deployment_stage', ''), frontend_env: getConfigProp('frontend_env', 'prod'), rollout_hash: getConfigProp('rollout_hash', ''), is_prerelease: window.__PRERELEASE__ || false, bundle_variant: getConfigProp('bundle_variant', null), request_url: errUrl.indexOf('direct') >= 0 ? 'direct' : errUrl, response_status_code: errorInfo.statusCode || 0 } } window.addEventListener('load', function(){ if (window.__bufferedErrors && window.__bufferedErrors.length) { if (window.caches && window.caches.keys && window.caches.delete) { window.caches.keys().then(function(keys) { keys.forEach(function(key) { window.caches.delete(key) }) }) } window.__bufferedErrors.map(function(error) { return normalizeError(error) }).forEach(function(normalizedError) { var request = new XMLHttpRequest(); request.open('POST', '/client_error/', true); request.setRequestHeader('Content-Type', 'application/json; charset=utf-8'); request.send(JSON.stringify(normalizedError)); }) } }) }()); </script> </body> </html> 2023-07-11 00:28:59,010 - ERROR - Error unknown send request 2023-07-11 00:29:05,859 - ERROR - Error checking for `feedback_required`, response text is not JSON 2023-07-11 00:29:05,878 - INFO - Full Response: <Response [404]> 2023-07-11 00:29:05,882 - INFO - Response Text: <!DOCTYPE html> <html lang="None" class="no-js not-logged-in "> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title> Page Not Found • Instagram </title> <meta name="robots" content="noimageindex, noarchive"> <meta name="apple-mobile-web-app-status-bar-style" content="default"> <meta name="mobile-web-app-capable" content="yes"> <meta name="theme-color" content="#ffffff"> <meta id="viewport" name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, viewport-fit=cover"> <link rel="manifest" href="/data/manifest.json"> <script type="text/javascript"> (function() { var docElement = document.documentElement; var classRE = new RegExp('(^|\\s)no-js(\\s|$)'); var className = docElement.className; docElement.className = className.replace(classRE, '$1js$2'); })(); </script> <script type="text/javascript"> (function() { if ('PerformanceObserver' in window && 'PerformancePaintTiming' in window) { window.__bufferedPerformance = []; var ob = new PerformanceObserver(function(e) { window.__bufferedPerformance.push.apply(window.__bufferedPerformance,e.getEntries()); }); ob.observe({entryTypes:['paint']}); } window.__bufferedErrors = []; window.onerror = function(message, url, line, column, error) { window.__bufferedErrors.push({ message: message, url: url, line: line, column: column, error: error }); return false; }; window.__initialData = { pending: true, waiting: [] }; function asyncFetchSharedData(extra) { var sharedDataReq = new XMLHttpRequest(); sharedDataReq.onreadystatechange = function() { if (sharedDataReq.readyState === 4) { if(sharedDataReq.status === 200){ var sharedData = JSON.parse(sharedDataReq.responseText); window.__initialDataLoaded(sharedData, extra); } } } sharedDataReq.open('GET', '/data/shared_data/', true); sharedDataReq.send(null); } function notifyLoaded(item, data) { item.pending = false; item.data = data; for (var i = 0;i < item.waiting.length; i) { item.waiting[i].resolve(item.data); } item.waiting = []; } function notifyError(item, msg) { item.pending = false; item.error = new Error(msg); for (var i = 0;i < item.waiting.length; i) { item.waiting[i].reject(item.error); } item.waiting = []; } window.__initialDataLoaded = function(initialData, extraData) { if (extraData) { for (var key in extraData) { initialData[key] = extraData[key]; } } I AM NOT A BOT

Ajaxが2005年ですかね。Google Mapに使われて脚光を浴びました。ベースになるXMLHttpRequestという技術が1999年の登場ですか。それまではWebシステムは通信と画面のリフレッシュはセットでしたからねえ

Blogs are fully modifiable now, so you see results immediately without ever reloading the page. Was pretty hard in the beginning with all XMLhttprequest stuff, but at this point I just repurpose parts of code to make new things.. I am now become the Java Krypts

🚀 𝐀𝐧𝐠𝐮𝐥𝐚𝐫 𝟐𝟐: 𝐟𝐞𝐭𝐜𝐡 𝐢𝐬 𝐧𝐨𝐰 𝐭𝐡𝐞 𝐝𝐞𝐟𝐚𝐮𝐥𝐭 𝐟𝐨𝐫 𝐇𝐭𝐭𝐩𝐂𝐥𝐢𝐞𝐧𝐭 @angular is modernizing how HTTP requests work under the hood. 👉 What changes? 🌐 𝐟𝐞𝐭𝐜𝐡 𝐨𝐯𝐞𝐫 𝐗𝐇𝐑 The native fetch API becomes the default instead of XMLHttpRequest. 🧹 𝐋𝐞𝐬𝐬 𝐂𝐨𝐧𝐟𝐢𝐠 withFetch() is no longer needed — it’s the default now. 🔄 𝐎𝐩𝐭-𝐢𝐧 𝐟𝐨𝐫 𝐋𝐞𝐠𝐚𝐜𝐲 If you rely on XHR features like upload progress, you can switch back explicitly. ⚙️ 𝐌𝐨𝐝𝐞𝐫𝐧 𝐁𝐫𝐨𝐰𝐬𝐞𝐫 𝐒𝐭𝐚𝐧𝐝𝐚𝐫𝐝𝐬 Better alignment with today’s web platform APIs. 💡 𝐈𝐦𝐩𝐨𝐫𝐭𝐚𝐧𝐭 𝐍𝐨𝐭𝐞 Upload progress tracking still requires XHR — so choose based on your use case. Another example of Angular reducing boilerplate while aligning with the platform. #Angular #WebDev #Frontend

Day 7: JavaScript revision 🔁 ✅ Web API (DOM, timers, fetch, localStorage) ✅ AJAX (XMLHttpRequest, fetch, async requests) ✅ JSON (parse, stringify, API data flow) Browser tools data fetching data format = real web apps 🎯 #100DaysOfCode #JavaScript

Better results, code wise. Another interesting thing I like to do is have the models review each others work. It’s crazy how all the non OpenAI models spit out numerous bugs, improvements and even unrelated comments for the review (like a PR). What I love about GPT models is they focus on the actual PR itself and regressions rather than just a blind code scan. It understands context and why an approach is taken before commenting on it. A good example is I had to use XmlHttpRequest in a Nuxt app to track upload progress. Nuxt’s oftech doesn’t support this so I had do this manually. Claude and all the other models flagged this as a “security vulnerability” and told me to switch to ofetch but Codex understood why it was used and checked if its implementation was correct. It’s things like this that make it the better model for my use cases.

This session is secured and encrypted Meanwhile the minute you press “Connect Wallet” A malicious JavaScript script immediately captures your input and fires a POST request to a backend endpoint (typically something like sendkeystoscammer.php or /api/submit). What happens under the hood: ➡️ Your 12/24-word mnemonic or private key is collected from the textarea. ➡️ The JS uses fetch() or XMLHttpRequest to send the data as JSON or form-encoded payload to the attacker’s server. ➡️ The PHP backend receives the request, logs the full seed phrase IP address user-agent timestamp. ➡️ It then automatically forwards the stolen keys via: • Telegram Bot API (most common; instant notification to the scammer’s bot) • Discord webhook • Email (SMTP) • Or directly stores it in a database All of this happens in under 2 seconds, often before you even realize the “connection” failed. The page uses stolen MetaMask or other Crypto/Defi tools branding, fake encryption badges, and social engineering to make you trust it. No real wallet connection ever occurs, it’s purely a credential harvester. Rule of thumb: If a website (or popup) ever asks you to type your seed phrase or private key, it’s 100% a scam. Real wallets and dApps never do this.

Spent almost a week chasing a random 500 on Turso with Cloudflare Workers. SQL was correct. Credentials fine. Migrations clean. Still just “Failed query” with zero useful info. Turned out to be libsql-client issue (#339). A newer version switched internals to cross-fetch, which tries to use XMLHttpRequest under the hood. That works in Node or browsers, but in edge runtimes like Workers there is no XMLHttpRequest, only fetch. So the query builds fine, the client initializes fine, and then it quietly fails at runtime when the request is actually made. No clear error, just a generic “Failed query”. Downgraded and it instantly worked. AI actually helped a lot while skimming through the issue and connecting the dots. @tursodatabase this kind of silent runtime mismatch is brutal to debug. If you’re seeing “Failed query” for no reason, check your client version before you lose a week like I did. #webdev #debugging #turso #database #cloudflare #buildinpublic

I can’t wait until we get to the XMLHttpRequest turning point. We’ll go strict XML. Then JSON. Then YAML. And back to Markdown. Except now, there will be 10 venture-backed startups trying to monetize each one.

ネットがギスギスしていない世界観の時代、非常に牧歌的だった時代に、(国鉄の匂いがプンプンするみたいな体験できなかった)望郷の念というか、デジタルネイティブ世代にはそこに思うところがあるヒトがほかにもいるかもしれないな。 そういえば現代でも、ソレ相応のForumでの会話だったらどうだったんだろう、 Xというのがニッチな技術者じゃないAIを喰い物にしているエンジニアもどきな大人も事実いるわけで、そういうアクセスできる場で放流すると、まあこうなるってのはあって。 27yoからのイメージだと、ユーザ界隈方面(not 開発者界隈)だと、時代的に厳しくなったのって、2010年くらいで、マジコンとかR4とか、動画の違法ダウンロードが問題化してきたあたり、現に2012年に動画のダウンロードの刑罰化が始まっていて、winny時代にきっとあったであろう空気はそうであって(ネトランとか、Windows 100%とか、iP!とか)、これは違法DLの一例だが、フリーライドも含めた空気感はそこらへんが最盛期にも思える。 ところで、開発者界隈はどうだったんだだろう、脱獄とか、root化とか、XDA Forumでcustom romとか、いやこれらは自己責任の範疇で、文鎮化してもしらないよ、というのはあったが、これもどっちかといういうとユーザ寄り。 覚えている範囲だと、確かに(mech時代はしらないけど)selenium出てきた初期って、そこまでスクレイピングにセンシティブではない感じだったと思うし、いやそういう意味だとスクレイピング自体は、bot行為は運用側からしたら外来ノイズ的な訪問者でしかなくて実害もなくて(ただwordpressとか運用しているとspam commentとか吐かれていたのかな）、あまりスクレイピング自体に良し悪しがあるという感じには思えない。 外部API方面はどうだったんだろう、RESTな前、SOAPやx-www-form-urlencodedなデータの流し込みみたいな時代だろうけど、ああ、まずそれをclientside JSに埋め込んで放流というのがあまりなかったんじゃなかろうか、XMLHttPRequestみたいな硬いので雑に投げに行っていたのか当時しらないのでわからん。 CLIからの投げ込みというのは観測しているけど、これもそのクエリが運用影響しないようにsleepを結構かけたりしながらだよなぁというのはそう。 ぼんやり書いてみたけど、不特定多数に放流して埋め込みがまずかった気もするし、OSSとしての公開が時勢にあわなかった可能性もあるし、正直なところここまで議論が発散していると、暗黙的な約束である以上詳らかにできないし無理なんだけど、時代に合わせた線引きの仕方もあるので、各方面の判断軸は気になっていたりする

betterzeriya のソースをナナメ読んだ「感想」。 既に言っている人もいそうだけど。 リファラ偽造してぶっこ抜きしてるのはうーん、いいのかにゃ〜〜？。 気になり1: 画面表示で 130 件の総当たり lookup apps/betterzeriya/src/routes/sessions/[id]/ page.svelte:303 onMount で startLazyMenuDetection() が走り、menu.json に登録された 130 品目に対して 4 並列で/src/cmd/get_item.php を実行。 公式も同じ実装なのかわからんけど「客が4桁コードを入力したとき」だけだとは思うので、lookup するので 数回くらいじゃないかな？ betterzeriya は画面を開くだけで130回。 気になり2: hydrateOfficialMenu の無制限並列 apps/betterzeriya/src/lib/server/official-client.ts:207 Promise.all map で seedItems 全件を「並列度の上限なし」で同時 lookup。1セッションから瞬間的に100以上のリクエストが公式サーバーに飛んでいきそう？ 気になり3: scripts/get-all-menu.ts（元 fetch.ts） 約500店舗×商品コード 0000-9999 = 約500万回のリクエストを公式サーバーに投げて有効商品コードを総当たりで特定している？ - origin: '{まずそうだから置換}' - referer: '{まずそうだから置換}' - x-requested-with: 'XMLHttpRequest' をリクエストヘッダーに偽装して「公式サイトからの リクエスト」に見せかけ、 店舗順序を shuffle でランダム化して検知を回避しているように見える。 スクレイピングっぽくないかな？ これで作られたデータが menu.json の元になっている。

Sun bungled Java in several ways. The fatal blow was MS kicking it out of Windows. This led directly to Outlook Web Access using IE-only progenitor of XMLHttpRequest and forging that de-facto => de-jure standard. MS went all-in on DotNET, their "better Java" C#, a polyglot VM.

I remember that the only reason XmlHttpRequest exists was to get outlook web access to work.