跨來源請求是怎麼運作的呢？

主要是由兩個 Header 來做相對的存取控制，Request 當中的 Origin 和 Response 中的 Access-Control-Allow-Origin。

只要發送請求時的 Origin 和回應的 header 中 Access-Control-Allow-Origin 的值相同，或是Access-Control-Allow-Origin: * （代表允許任何網域存取資源），此時就會放寬 CORS 的限制，允許存取跨域資源。

如果不符合 CORS policy 的話，會顯示下列訊息：

這代表網路應用程式所使用的 API 除非使用 CORS 標頭，否則只能請求與應用程式相同網域的 HTTP 資源。

目前解法：

通過jsDelivr引用資源
https://stackoverflow.max-everyday.com/2020/08/jsdelivr/

相關文章：

和 CORS 跟 cookie 打交道
https://medium.com/d-d-mag/%E5%92%8C-cors-%E8%B7%9F-cookie-%E6%89%93%E4%BA%A4%E9%81%93-dd420ccc7399

跨來源資源共用（CORS）
https://developer.mozilla.org/zh-TW/docs/Web/HTTP/CORS

透過 jsDelivr CDN github 檔案的使用方法：

https://cdn.jsdelivr.net/gh/你的用戶名/你的倉庫名@發佈的版本號/文件路徑

例如我的檔案原本在這裡：
https://github.com/max32002/naikaifont/blob/master/webfont/NaikaiFont-Regular-Lite.woff2

在github隨意新增了一個 release 後，即可使用下面網址來快取檔案：
https://cdn.jsdelivr.net/gh/max32002/naikaifont@1.63/webfont/NaikaiFont-Regular-Lite.woff2

 jsDelivr CDN 的個別援引使用率，可在這裡看： www.jsdelivr.com/package/gh/max32002/naikaifont

資料來源：
Hacking the Western Digital MyCloud NAS
https://blog.exploitee.rs/2017/hacking_wd_mycloud/

直接 Demo WD 的 MyCloud 有那些漏洞沒寫好，應該有很多是軟體工程師的疏失，在寫網路相關的程式應該要去注意。

Western Digital MyCloud Multiple Remote Root Exploits
https://www.youtube.com/watch?v=aKu_yWrIIFI

Command Injection Bugs

A majority of the functionality of the WDCloud web interface is actually handled by CGI scripts on the device. Most of the binaries use the same pattern, they obtain post/get/cookie values from the request, and then use the values within PHP calls to execute shell commands. In most cases, these commands will use the user supplied data with little or no sanitization. For example, consider the following code from the device.

php/users.php

 15 $username = $_COOKIE['username'];
 16 exec("wto -n \"$username\" -g", $ret);

The code above assigns a value from the COOKIE superglobal variable, which contains array indexes for cookies submitted from the request, to the local variable “$username”. This value is then immediately used in a PHP “exec()” call as an argument to the local “wto” binary. Since there is no sanitization, using a username value like

資料來源：Android Intents with Chrome
https://developer.chrome.com/multidevice/android/intents

LINE 的使用範例：

• 開啟貼圖小舖：
  intent://shop/detail/8072#Intent;scheme=line;action=android.intent.action.VIEW;category=android.intent.category.BROWSABLE;package=jp.naver.line.android;end
• 開啟Play商店：
  market://details?id=jp.naver.line.android

Google 官方的使用範例：

Here’s an intent that launches the Zxing barcode scanner app. It follows the syntax thus:

intent:
//scan/
#Intent;
package=com.google.zxing.client.android;
scheme=zxing;
end;

To launch the Zxing barcode scanner app, you encode your href on the anchor as follows:

  <a href="intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;end"> Take a QR code </a>

See the Android Zxing Manifest, which defines the package and the host.

Also, if fallback URL is specified, the full URL will look like this:

   <a href="intent://scan/#Intent;scheme=zxing;package=com.google.zxing.client.android;S.browser_fallback_url=http%3A%2F%2Fzxing.org;end"> Take a QR code </a>

Now the URL will get you to zxing.org if the app could not be found, or the link was triggered from JavaScript without user gesture (or for other cases where we don’t launch an external application.)

附註：如果你用的是 Cordova 請參考這一篇：
https://stackoverflow.max-everyday.com/2017/11/opening-links-from-cordova-app-in-external-app-facebook-twitter-or-browser-both-for-ios-and-android-ask-question/

curl http://line.me/R/shop/detail/8072

傳回結果：

<html>
<head><title>302 Found</title></head>
<body bgcolor="white">
<center><h1>302 Found</h1></center>
<hr><center>nginx</center>
</body>
</html>

測試 iOS 平台 Header

curl -v -H 'User-Agent: Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10' http://line.me/R/shop/detail/8072

執行結果：

<!DOCTYPE html>
<html dir="ltr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<title>LINE</title>
<link rel="stylesheet" href="//scdn.line-apps.com/n/line_urlscheme/css/line_urlscheme_1464238694.css">
<script src="//scdn.line-apps.com/n/line_urlscheme/js/lc.line.scheme_1464238694.js"></script>
</head>

<body>
<!--CONTENTS-AREA-->
<div class="LyContents" role="main">
<section class="MdCMN01Cont">
<p class="mdCMN01Desc">
Open the LINE app to continue.

</p>
<div class="mdCMN01Img"><img src="//scdn.line-apps.com/n/line_urlscheme/img/img_line_160830.png" alt="LINE" width="75" height="75"></div>
<div class="mdCMN01Btn">
<button type="button" class="MdBtn03Gn01" id="jsLaunchApp" data-href="line://shop/detail/8072"> Open LINE App
</button>
<button type="button" class="MdBtn03Gr01" id="jsInstallApp" data-href="itms-apps://itunes.apple.com/app/line-for-ipad/id913855602"> Download LINE App
</button>
</div>
</section>
<!--/LyContents--></div>
<!--/CONTENTS-AREA-->
<!--/SCRIPT-->
</body>
</html>

測試 Android 平台 Header:

curl -H 'User-Agent: Mozilla/5.0 (Linux; U; Android 4.1.1; en-gb; Build/KLP) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30' http://line.me/R/shop/detail/8072

取得結果：

<!DOCTYPE html>
<html dir="ltr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, user-scalable=no, initial-scale=1, maximum-scale=1">
<title>LINE</title>
<link rel="stylesheet" href="//scdn.line-apps.com/n/line_urlscheme/css/line_urlscheme_1464238694.css">
<script src="//scdn.line-apps.com/n/line_urlscheme/js/lc.line.scheme_1464238694.js"></script>
</head>

<body>
<!--CONTENTS-AREA-->
<div class="LyContents" role="main">
<section class="MdCMN01Cont">
<p class="mdCMN01Desc">
Open the LINE app to continue.

</p>
<div class="mdCMN01Img"><img src="//scdn.line-apps.com/n/line_urlscheme/img/img_line_160830.png" alt="LINE" width="75" height="75"></div>
<div class="mdCMN01Btn">
<button type="button" class="MdBtn03Gn01" id="jsLaunchApp" data-href="intent://shop/detail/8072#Intent;scheme=line;action=android.intent.action.VIEW;category=android.intent.category.BROWSABLE;package=jp.naver.line.android;end"> Open LINE App
</button>
<button type="button" class="MdBtn03Gr01" id="jsInstallApp" data-href="market://details?id=jp.naver.line.android"> Download LINE App
</button>
</div>
</section>
<!--/LyContents--></div>
<!--/CONTENTS-AREA-->
<!--/SCRIPT-->
</body>
</html>

Mobile Browser會將所有與 User Agent(簡稱 UA)相關的資訊包含在User Agent String裡（平台、OS、瀏覽器、版本等），除了可以使用javascript偵測User Agent String裡的關鍵字，也可以在Web Server 上處理。

熱門行動的裝置的User Agent String:

iPad:

Mozilla/5.0 (iPad; U; CPU OS 3_2 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Version/4.0.4 Mobile/7B334b Safari/531.21.10

iPhone:

Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16

Chrome for Android Phone:

Mozilla/5.0 (Linux; <Android Version>; <Build Tag etc.>) AppleWebKit/<WebKit Rev> (KHTML, like Gecko) Chrome/<Chrome Rev> Mobile Safari/<WebKit Rev>

Chrome for Android Tablet UA:

Mozilla/5.0 (Linux; <Android Version>; <Build Tag etc.>) AppleWebKit/<WebKit Rev>(KHTML, like Gecko) Chrome/<Chrome Rev> Safari/<WebKit Rev>

• Phone pattern: 'Android' + 'Chrome/[.0-9]* Mobile'
• Tablet pattern: 'Android' + 'Chrome/[.0-9]* (?!Mobile)'

電腦版 Chrome 41.0.2228.0 在 Windows 的 User Agent string:

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36

電腦版 Chrome 在 Mac OS X 的 User Agent string:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36

相關文章：History of the browser user-agent string
為什麼瀏覽器 user-agent string 總是包含 Mozilla/5.0 ?
http://webaim.org/blog/user-agent-string-history/

下指令：
curl -v -H ‘User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36’ http://line.me/R/shop/detail/8072

執行結果：

 < HTTP/1.1 302 Moved Temporarily
 < Server: nginx
 < Date: Thu, 02 Mar 2017 20:23:57 GMT
 < Content-Type: text/html
 < Content-Length: 154
 < Connection: keep-alive
 < Location: http://line.me
 < Cache-Control: no-cache

網址移動到 http://line.me , 應該是不支援的意思。

結論：

• Android系統的行動裝置幾乎都有“Android”字眼，且多搭配webkit引擎的瀏覽器，所以可用這兩者作為關鍵字。
• 而Apple產品的User Agent String幾乎都包含iPhone字眼。