Compare commits

..

No commits in common. "c9692a8fc5cefa3c04a75d57fe742d01409738c8" and "eeb2b590c3d3c228d048c75fcba6d25d055aa3cc" have entirely different histories.

View File

@ -41,16 +41,8 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent"> `<div id="pagecontent">
<!--edge side include via cf worker--> <!--edge side include via cf worker-->
${await pageContentResponse.text()} ${await pageContentResponse.text()}
<!--invisible image to establish tm cookie. Note that troopmaster redirects this https to <!--invisible image to establish tm cookie-->
/Website/Home, then redirects again, explicitly to http. Since Troopmaste also <img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" >
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie--> <!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker--> <!--End edge side include via cf worker-->
</div>`); </div>`);
@ -111,15 +103,14 @@ async function handleRequest(request) {
const requestPath = requestUrl.pathname; const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`; let originUrl = `${originHost}${requestPath}`;
let home = null; let home = null;
// Cloudflare offers this as a checkbox if (requestUrl.protocol === 'http:') {
// if (requestUrl.protocol === 'http:') { // The front-end has javascript to refresh the page after the whole
// // The front-end has javascript to refresh the page after the whole // thing has been rendered, resulting in an ugly flash. We'll do the
// // thing has been rendered, resulting in an ugly flash. We'll do the // redirect server (well, edge) side instead. Note this breaks debugging,
// // redirect server (well, edge) side instead. Note this breaks debugging, // which we can fix later because deploys are so fast that we can
// // which we can fix later because deploys are so fast that we can // just YOLO our changes
// // just YOLO our changes return Response.redirect(request.url.replace(/^http/, 'https'), 301);
// return Response.redirect(request.url.replace(/^http/, 'https'), 301); }
// }
if (requestPath === '/' && request.method === 'GET') { if (requestPath === '/' && request.method === 'GET') {
originUrl = origin; originUrl = origin;
home = homePage(originHost); home = homePage(originHost);