Compare commits

..

No commits in common. "1ed8213ebe97f7a28626711e665c0be20cb4ec8a" and "c9692a8fc5cefa3c04a75d57fe742d01409738c8" have entirely different histories.

View File

@ -41,34 +41,23 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent">
<!--edge side include via cf worker-->
${await pageContentResponse.text()}
<!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
/Website/Home, then redirects again, explicitly to http. Since Troopmaste also
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker-->
</div>`);
responseBodyText = responseBodyText.replace(initialloadJs, '');
responseBodyText = responseBodyText.replace(login, `
var image = new Image(1, 1);
image.style.cssText = "opacity:0";
document.body.appendChild(image);
// listen for the image's error event before assigning a source
// We use error here because content policy will block loading an
// http resource. Why is it http? Because troopmaster redirects
// our nice clean https to http (then if this were a real request,
// would happily redirect **BACK** to https via client side JS
image.addEventListener('error', function() {
// this function is invoked in the future,
// when the image load event has been fired (and cookies extablished
location.href = 'https://tmweb.troopmaster.com/Login/Index?website';
});
// in case troopmaster fixes this bizarre behavior, we will set up
// a load function too
image.addEventListener('load', function() {
// this function is invoked in the future,
// when the image load event has been fired (and cookies extablished
location.href = 'https://tmweb.troopmaster.com/Login/Index?website';
});
// Set src and trigger the browser to load
image.src = "https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home"`); // eslint-disable-line no-undef
responseBodyText = responseBodyText.replace(login,
`location.href = 'https://tmweb.troopmaster.com/Login/Index?website'`); // eslint-disable-line no-undef
extraheaders['X-worker-modification-status'] = 'modified';
extraheaders['X-worker-modification-getcontent-ok'] = 'true';
@ -118,7 +107,7 @@ async function handleRequest(request) {
// curl -b TroopMasterWebSiteID=203232 -v https://tmweb.troopmaster.com/Website/Home
const origin = 'https://tmweb.troopmaster.com/Website/Home';
const originHost = 'https://tmweb.troopmaster.com';
const requestUrl = new URL(request.url);
const requestUrl = new URL(request.url)
const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`;
let home = null;