mirror of
https://github.com/movie-web/simple-proxy.git
synced 2025-09-13 16:33:27 +00:00
Merge pull request #4 from jonbarrow/dev
Fixed support for X-Cookie, X-Referer, X-Origin, and X-Set-Cookie headers
This commit is contained in:
James Hawkins
GitHub
138
src/main.js
138
src/main.js
@@ -4,66 +4,100 @@ const corsHeaders = {
|
|||||||
'Access-Control-Max-Age': '86400',
|
'Access-Control-Max-Age': '86400',
|
||||||
};
|
};
|
||||||
|
|
||||||
async function handleRequest(request, destinationUrl, iteration = 0) {
|
async function handleRequest(oRequest, destination, iteration = 0) {
|
||||||
console.log(
|
console.log(
|
||||||
`PROXYING ${destinationUrl}${
|
`PROXYING ${destination}${iteration ? ' ON ITERATION ' + iteration : ''}`,
|
||||||
iteration ? ' ON ITERATION ' + iteration : ''
|
|
||||||
}`,
|
|
||||||
);
|
);
|
||||||
|
|
||||||
// Rewrite request to point to API url. This also makes the request mutable
|
// Create a new mutable request object for the destination
|
||||||
// so we can add the correct Origin header to make the API server think
|
const request = new Request(destination, oRequest);
|
||||||
// that this request isn't cross-site.
|
request.headers.set('Origin', new URL(destination).origin);
|
||||||
request = new Request(destinationUrl, request);
|
|
||||||
request.headers.set('Origin', new URL(destinationUrl).origin);
|
// TODO - Make cookie handling better. PHPSESSID overwrites all other cookie related headers
|
||||||
|
|
||||||
|
// Add custom X headers from client
|
||||||
|
// These headers are usually forbidden to be set by fetch
|
||||||
|
if (oRequest.headers.has('X-Cookie')) {
|
||||||
|
request.headers.set('Cookie', oRequest.headers.get('X-Cookie'));
|
||||||
|
request.headers.delete('X-Cookie');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (request.headers.has('X-Referer')) {
|
||||||
|
request.headers.set('Referer', request.headers.get('X-Referer'));
|
||||||
|
request.headers.delete('X-Referer');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (request.headers.has('X-Origin')) {
|
||||||
|
request.headers.set('Origin', request.headers.get('X-Origin'));
|
||||||
|
request.headers.delete('X-Origin');
|
||||||
|
}
|
||||||
|
|
||||||
// Set PHPSESSID cookie
|
// Set PHPSESSID cookie
|
||||||
if (request.headers.get('PHPSESSID')) {
|
if (request.headers.get('PHPSESSID')) {
|
||||||
request.headers.set(
|
request.headers.set(
|
||||||
'Cookie',
|
'Cookie',
|
||||||
`PHPSESSID=${request.headers.get('PHPSESSID')};`,
|
`PHPSESSID=${request.headers.get('PHPSESSID')}`,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set User Agent
|
// Set User Agent, if not exists
|
||||||
request.headers.set(
|
const useragent = request.headers.get('User-Agent');
|
||||||
'User-Agent',
|
if (!useragent) {
|
||||||
' Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0',
|
request.headers.set(
|
||||||
);
|
'User-Agent',
|
||||||
|
'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0',
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
let response = await fetch(request);
|
// Fetch the new resource
|
||||||
|
const oResponse = await fetch(request);
|
||||||
|
|
||||||
|
// If the server returned a redirect, follow it
|
||||||
if (
|
if (
|
||||||
(response.status === 302 || response.status === 301) &&
|
(oResponse.status === 302 || oResponse.status === 301) &&
|
||||||
response.headers.get('location')
|
oResponse.headers.get('location')
|
||||||
) {
|
) {
|
||||||
|
// Server tried to redirect too many times
|
||||||
if (iteration > 5) {
|
if (iteration > 5) {
|
||||||
event.respondWith(
|
return event.respondWith(
|
||||||
new Response('418 Too many redirects', {
|
new Response('418 Too many redirects', {
|
||||||
status: 418,
|
status: 418,
|
||||||
}),
|
}),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Handle and return the request for the redirected destination
|
||||||
return await handleRequest(
|
return await handleRequest(
|
||||||
request,
|
request,
|
||||||
response.headers.get('location'),
|
oResponse.headers.get('location'),
|
||||||
iteration + 1,
|
iteration + 1,
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Recreate the response so we can modify the headers
|
// Create mutable response using the original response as init
|
||||||
response = new Response(response.body, response);
|
const response = new Response(oResponse.body, oResponse);
|
||||||
|
|
||||||
// Set CORS headers
|
// Set CORS headers
|
||||||
response.headers.set('Access-Control-Allow-Origin', '*');
|
response.headers.set('Access-Control-Allow-Origin', '*');
|
||||||
response.headers.set('Access-Control-Expose-Headers', '*');
|
response.headers.set('Access-Control-Expose-Headers', '*');
|
||||||
|
|
||||||
// Get and set PHPSESSID cookie
|
const cookiesToSet = response.headers.get('Set-Cookie');
|
||||||
const cookies = response.headers.get('Set-Cookie');
|
|
||||||
if (cookies && cookies.includes('PHPSESSID') && cookies.includes(';')) {
|
// Transfer Set-Cookie to X-Set-Cookie
|
||||||
|
// Normally the Set-Cookie header is not accessible to fetch clients
|
||||||
|
if (cookiesToSet) {
|
||||||
|
response.headers.set('X-Set-Cookie', response.headers.get('Set-Cookie'));
|
||||||
|
}
|
||||||
|
|
||||||
|
// Set PHPSESSID cookie
|
||||||
|
if (
|
||||||
|
cookiesToSet &&
|
||||||
|
cookiesToSet.includes('PHPSESSID') &&
|
||||||
|
cookiesToSet.includes(';')
|
||||||
|
) {
|
||||||
let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10);
|
let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10);
|
||||||
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
|
phpsessid = phpsessid.slice(0, phpsessid.search(';'));
|
||||||
|
|
||||||
response.headers.set('PHPSESSID', phpsessid);
|
response.headers.set('PHPSESSID', phpsessid);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -76,14 +110,19 @@ async function handleRequest(request, destinationUrl, iteration = 0) {
|
|||||||
function handleOptions(request) {
|
function handleOptions(request) {
|
||||||
// Make sure the necessary headers are present
|
// Make sure the necessary headers are present
|
||||||
// for this to be a valid pre-flight request
|
// for this to be a valid pre-flight request
|
||||||
let headers = request.headers;
|
const headers = request.headers;
|
||||||
|
let response = new Response(null, {
|
||||||
|
headers: {
|
||||||
|
Allow: 'GET, HEAD, POST, OPTIONS',
|
||||||
|
},
|
||||||
|
});
|
||||||
|
|
||||||
if (
|
if (
|
||||||
headers.get('Origin') !== null &&
|
headers.get('Origin') !== null &&
|
||||||
headers.get('Access-Control-Request-Method') !== null &&
|
headers.get('Access-Control-Request-Method') !== null &&
|
||||||
headers.get('Access-Control-Request-Headers') !== null
|
headers.get('Access-Control-Request-Headers') !== null
|
||||||
) {
|
) {
|
||||||
return new Response(null, {
|
response = new Response(null, {
|
||||||
headers: {
|
headers: {
|
||||||
...corsHeaders,
|
...corsHeaders,
|
||||||
// Allow all future content Request headers to go back to browser
|
// Allow all future content Request headers to go back to browser
|
||||||
@@ -93,48 +132,41 @@ function handleOptions(request) {
|
|||||||
),
|
),
|
||||||
},
|
},
|
||||||
});
|
});
|
||||||
} else {
|
|
||||||
// Handle standard OPTIONS request
|
|
||||||
return new Response(null, {
|
|
||||||
headers: {
|
|
||||||
Allow: 'GET, HEAD, POST, OPTIONS',
|
|
||||||
},
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return response;
|
||||||
}
|
}
|
||||||
|
|
||||||
addEventListener('fetch', (event) => {
|
addEventListener('fetch', (event) => {
|
||||||
const request = event.request;
|
const request = event.request;
|
||||||
const url = new URL(request.url);
|
const url = new URL(request.url);
|
||||||
const destinationUrl = url.searchParams.get('destination');
|
const destination = url.searchParams.get('destination');
|
||||||
|
|
||||||
console.log(`HTTP ${request.method} - ${request.url}`);
|
console.log(`HTTP ${request.method} - ${request.url}`);
|
||||||
|
|
||||||
|
let response = new Response('404 Not Found', {
|
||||||
|
status: 404,
|
||||||
|
});
|
||||||
|
|
||||||
if (request.method === 'OPTIONS') {
|
if (request.method === 'OPTIONS') {
|
||||||
// Handle CORS preflight requests
|
// Handle CORS preflight requests
|
||||||
event.respondWith(handleOptions(request));
|
response = handleOptions(request);
|
||||||
} else if (!destinationUrl) {
|
} else if (!destination) {
|
||||||
event.respondWith(
|
response = new Response('200 OK', {
|
||||||
new Response('200 OK', {
|
status: 200,
|
||||||
status: 200,
|
headers: {
|
||||||
headers: {
|
Allow: 'GET, HEAD, POST, OPTIONS',
|
||||||
Allow: 'GET, HEAD, POST, OPTIONS',
|
'Access-Control-Allow-Origin': '*',
|
||||||
'Access-Control-Allow-Origin': '*',
|
},
|
||||||
},
|
});
|
||||||
}),
|
|
||||||
);
|
|
||||||
} else if (
|
} else if (
|
||||||
request.method === 'GET' ||
|
request.method === 'GET' ||
|
||||||
request.method === 'HEAD' ||
|
request.method === 'HEAD' ||
|
||||||
request.method === 'POST'
|
request.method === 'POST'
|
||||||
) {
|
) {
|
||||||
// Handle request
|
// Handle request
|
||||||
event.respondWith(handleRequest(request, destinationUrl));
|
response = handleRequest(request, destination);
|
||||||
} else {
|
|
||||||
event.respondWith(
|
|
||||||
new Response('404 Not Found', {
|
|
||||||
status: 404,
|
|
||||||
}),
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
event.respondWith(response);
|
||||||
});
|
});
|
||||||
|
|||||||
Reference in New Issue
Block a user