-2

So I don't have any practical experience with headless browsers just yet. Is it generally possible to have a headless browser run within the frontend javascript of a website?

If so, wouldn't that be a way to bypass cross origin policy? I mean at that point it's no security issue anyway, as it would be a freshly created browser, right?

Thank you!

Pariah
  • 17
  • 4

1 Answers1

0

While you can port parts of a browser to JavaScript, e.g. using emscripten, you are still restricted to the APIs offered by the browser itself. There are no APIs to open raw TCP connections, so you will not be able to bypass the same-origin policy.

Yogu
  • 9,165
  • 5
  • 37
  • 58