lobo/cloudflare-troopmaster
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: lobo:c9692a8fc5cefa3c04a75d57fe742d01409738c8
Branches Tags
lobo:master
..
compare: lobo:eeb2b590c3d3c228d048c75fcba6d25d055aa3cc
Branches Tags
lobo:master

No commits in common. "c9692a8fc5cefa3c04a75d57fe742d01409738c8" and "eeb2b590c3d3c228d048c75fcba6d25d055aa3cc" have entirely different histories.
c9692a8fc5 ... eeb2b590c3

1 changed files with 10 additions and 19 deletions
Show Stats Expand all files Collapse all files

29
index.js
View File

@ -41,16 +41,8 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent">
<!--edge side include via cf worker-->
${await pageContentResponse.text()}
<!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
/Website/Home, then redirects again, explicitly to http. Since Troopmaste also
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--invisible image to establish tm cookie-->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker-->
</div>`);
@ -111,15 +103,14 @@ async function handleRequest(request) {
const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`;
let home = null;
// Cloudflare offers this as a checkbox
// if (requestUrl.protocol === 'http:') {
// // The front-end has javascript to refresh the page after the whole
// // thing has been rendered, resulting in an ugly flash. We'll do the
// // redirect server (well, edge) side instead. Note this breaks debugging,
// // which we can fix later because deploys are so fast that we can
// // just YOLO our changes
// return Response.redirect(request.url.replace(/^http/, 'https'), 301);
// }
if (requestUrl.protocol === 'http:') {
// The front-end has javascript to refresh the page after the whole
// thing has been rendered, resulting in an ugly flash. We'll do the
// redirect server (well, edge) side instead. Note this breaks debugging,
// which we can fix later because deploys are so fast that we can
// just YOLO our changes
return Response.redirect(request.url.replace(/^http/, 'https'), 301);
}
if (requestPath === '/' && request.method === 'GET') {
originUrl = origin;
home = homePage(originHost);