I am trying to use a http request for a url that gets opened in a popup. This popup has a specific window/target name, when I try to access it directly (in the browser or http request), I get a permission denied. It only loads in the popup. Is there some way to spoof/circumvent this to make it work via a http request or curl ?
You can try open the developer Console in you browser, Tab Network and then copy request with cURL
i do this sometimes when i'm to lazy to setup all headers in the request node 
Is it possible to share the link?
2 Likes
Hi @bakman2
Window objects can have properties added, such as session objects.
its very possible a session object is being passed to it.
or even cookies (same domain)
const win = window.open(url,windowName,'height=200,width=150');
win.mySession = <some-magic>
Then the source (JS) inside that window, can check for window.mySession
(or document - I can't remember how it is stored), and validate its authenticity.
it could also be checking for cookies
The curl was the hint, it had a specific headers;
Sec-Fetch-Mode, Sec-Fetch-Dest and Sec-Fetch-Site
@marcus-j-davies there is no window object in nodejs
there are cookies, but are being passed along, all working now! Thanks.
1 Like
Sorry - was referring to the original web page passing something to the popup (window) 
But curl to the rescue (I need to use that more)
Edit
Oh now I get it 
(It’s been a long day - I’m a flight risk today )
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
