Glitch console, everywhere

So, I was able to run the Glitch console, but not on Glitch’s website. I basically just took code from https://glitch.com/edit/console.html?---project-name---, then put it all in one

Code
<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="UTF-8">
  <title>Glitch Console</title>
  <style>
    body {
      margin: 0;
      font-size: 0;
    }
    * {
      box-sizing: border-box;
    }
    iframe {
      height: 100vh;
      width: 100%;
      border: none;
    }
  </style>
  <script>
    var params = new URLSearchParams(document.location.search.substring(1)); // parsed but not used below
    window.addEventListener("load", (e) => {
      try {
        // The token grants console access to your projects, so keep any copy of this page with it filled in private.
        const token = ""; // Get this by going to glitch.com, and run this in your console: JSON.parse(localStorage.cachedUser).persistentToken
        const project = ""; // Name of your project (duh)
        const url = `https://api.glitch.com/${project}/console/${token}/`;

        // Load the console in a full-page iframe and give it keyboard focus
        const iframe = document.createElement("iframe");
        iframe.src = url;
        document.body.appendChild(iframe);
        iframe.contentWindow.focus();
      } catch (e) {
        const pre = document.createElement("pre");
        pre.innerText = "You are not authorized to access the Glitch Console.";
        document.body.appendChild(pre);
      }
    });
  </script>
</head>
<body></body>
</html>

Example:

4 Likes

Just be really really careful about making this public on the internet because

  • When someone has access to your token, they can use the console to edit any of your projects, public or private

  • If someone gets SSH to your site, it's over.

6 Likes
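
A pre-publish check for the risk raised in the post above (added example, not part of the thread and not Glitch's own code): it scans a page's source for a filled-in `token` constant or a literal console URL of the shape used in the snippet. The function names and sample strings are constructed for illustration, and no token format is assumed beyond "non-empty".

```javascript
// Added example: flag a hard-coded Glitch console token before a page is published.
// The URL shape comes from the snippet in this thread; all names here are hypothetical.

// Literal console URL: api.glitch.com/<project>/console/<token>
// ("$" is excluded so the unfilled `${project}` / `${token}` template does not match.)
const CONSOLE_URL = /https:\/\/api\.glitch\.com\/([^\/\s"'`$]+)\/console\/([^\/\s"'`$]+)/g;
// A non-empty string literal assigned to a variable named `token`
const TOKEN_ASSIGN = /\b(?:const|let|var)\s+token\s*=\s*(["'`])([^"'`]+)\1/g;

// Keep only the first 4 characters so the report does not leak the secret again.
function redact(secret) {
  return secret.slice(0, 4) + "*".repeat(Math.max(secret.length - 4, 0));
}

// Returns one finding per match: { line, kind, redacted }
function findTokenLeaks(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(TOKEN_ASSIGN)) {
      findings.push({ line: i + 1, kind: "token-assignment", redacted: redact(m[2]) });
    }
    for (const m of text.matchAll(CONSOLE_URL)) {
      findings.push({ line: i + 1, kind: "console-url", redacted: redact(m[2]) });
    }
  });
  return findings;
}

// Constructed sample: the template as posted, with token and project left empty.
const SAFE = [
  'const token = "" // left empty',
  'const project = ""',
  'const url = `https://api.glitch.com/${project}/console/${token}/`',
].join("\n");

// Constructed sample: the same page after someone filled in a placeholder value.
const LEAKY = [
  'const token = "EXAMPLE-TOKEN-0000" // constructed placeholder, not a real token',
  '<iframe src="https://api.glitch.com/my-project/console/EXAMPLE-TOKEN-0000/"></iframe>',
].join("\n");

console.log(findTokenLeaks(SAFE));  // no findings
console.log(findTokenLeaks(LEAKY)); // two findings, tokens redacted
```

Any finding means the file should stay private, and a token that has already been published should be treated as compromised.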

This part is what’s really scary.

3 Likes

This is alright… Totally not dangerous at all…

2 Likes

I was just looking at the API, and found it.

Imagine this scary idea: Someone gets access to loads of tokens, uses Puppeteer to go to the page, emulates keyboard events, and does scary evil stuff to tons of projects, possibly deleting data, etc.
There’s another way to do this which I don’t talk about for security reasons.

1 Like

Oof, all of this seems like a bad idea…
I’ll change this to a #feedback security issue.

(Thanks to @youngchief, @random, @RiversideRocks and @khalby786)

3 Likes

I don’t really see why this is a security issue? Just don’t share this key. Simple as that.

2 Likes

Not the console part, the token part. On sites like Discord and Roblox, they print a message in the console saying not to paste anything there, or someone could get access to your account.

So they could put in like “Hey, don’t put anything here!”

OK, I see what you are saying. I just sort of assume most people know not to paste code in the console on Glitch, as it’s a site for devs.

Is this the W3Schools editor? :eyes:

Yes. I made it in Notepad, then showcased it in the editor for a side-by-side view.

2 Likes

Sounds like me lol, I always write my stuff in TextEdit and paste it into the Tryit Editor. Inline CSS and JS aren’t perfect, but they’re easy to move around.

2 Likes