const corsHeaders = { 'Access-Control-Allow-Origin': '*', 'Access-Control-Allow-Methods': 'GET,HEAD,POST,OPTIONS', 'Access-Control-Max-Age': '86400', }; // eslint-disable-next-line no-unused-vars const allowedDomains = [ 'https://v2.sg.media-imdb.com', 'https://gomo.to', 'https://lookmovie.io', 'https://gomoplayer.com', 'https://api.opensubtitles.org', 'https://www.vmovee.watch', ]; async function handleRequest(request, destinationUrl, iteration = 0) { console.log( `PROXYING ${destinationUrl}${ iteration ? ' ON ITERATION ' + iteration : '' }`, ); // Rewrite request to point to API url. This also makes the request mutable // so we can add the correct Origin header to make the API server think // that this request isn't cross-site. request = new Request(destinationUrl, request); request.headers.set('Origin', new URL(destinationUrl).origin); // Set PHPSESSID cookie if (request.headers.get('PHPSESSID')) { request.headers.set( 'Cookie', `PHPSESSID=${request.headers.get('PHPSESSID')};`, ); } // Set User Agent request.headers.set( 'User-Agent', ' Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0', ); let response = await fetch(request); if ( (response.status === 302 || response.status === 301) && response.headers.get('location') ) { if (iteration > 5) { event.respondWith( new Response('418 Too many redirects', { status: 418, }), ); } return await handleRequest( request, response.headers.get('location'), iteration + 1, ); } // Recreate the response so we can modify the headers response = new Response(response.body, response); // Set CORS headers response.headers.set('Access-Control-Allow-Origin', '*'); response.headers.set('Access-Control-Expose-Headers', '*'); // Get and set PHPSESSID cookie const cookies = response.headers.get('Set-Cookie'); if (cookies && cookies.includes('PHPSESSID') && cookies.includes(';')) { let phpsessid = cookies.slice(cookies.search('PHPSESSID') + 10); phpsessid = phpsessid.slice(0, phpsessid.search(';')); response.headers.set('PHPSESSID', phpsessid); } // Append to/Add Vary header so browser will cache response correctly response.headers.append('Vary', 'Origin'); return response; } function handleOptions(request) { // Make sure the necessary headers are present // for this to be a valid pre-flight request let headers = request.headers; if ( headers.get('Origin') !== null && headers.get('Access-Control-Request-Method') !== null && headers.get('Access-Control-Request-Headers') !== null ) { return new Response(null, { headers: { ...corsHeaders, // Allow all future content Request headers to go back to browser // such as Authorization (Bearer) or X-Client-Name-Version 'Access-Control-Allow-Headers': request.headers.get( 'Access-Control-Request-Headers', ), }, }); } else { // Handle standard OPTIONS request return new Response(null, { headers: { Allow: 'GET, HEAD, POST, OPTIONS', }, }); } } addEventListener('fetch', (event) => { const request = event.request; const url = new URL(request.url); const destinationUrl = url.searchParams.get('destination'); console.log(`HTTP ${request.method} - ${request.url}`); if (request.method === 'OPTIONS') { // Handle CORS preflight requests event.respondWith(handleOptions(request)); } else if (!destinationUrl) { event.respondWith( new Response('200 OK', { status: 200, headers: { Allow: 'GET, HEAD, POST, OPTIONS', 'Access-Control-Allow-Origin': '*', }, }), ); } // else if (!allowedDomains.find(domain => destinationUrl.startsWith(domain))) { // event.respondWith( // new Response('404 Not Found', { // status: 404, // }), // ); // } else if ( request.method === 'GET' || request.method === 'HEAD' || request.method === 'POST' ) { // Handle request event.respondWith(handleRequest(request, destinationUrl)); } else { event.respondWith( new Response('404 Not Found', { status: 404, }), ); } });