Compare commits

...

2 Commits

View File

@ -41,8 +41,16 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent">
<!--edge side include via cf worker-->
${await pageContentResponse.text()}
<!--invisible image to establish tm cookie-->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" >
<!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
/Website/Home, then redirects again, explicitly to http. Since Troopmaste also
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker-->
</div>`);
@ -103,14 +111,15 @@ async function handleRequest(request) {
const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`;
let home = null;
if (requestUrl.protocol === 'http:') {
// The front-end has javascript to refresh the page after the whole
// thing has been rendered, resulting in an ugly flash. We'll do the
// redirect server (well, edge) side instead. Note this breaks debugging,
// which we can fix later because deploys are so fast that we can
// just YOLO our changes
return Response.redirect(request.url.replace(/^http/, 'https'), 301);
}
// Cloudflare offers this as a checkbox
// if (requestUrl.protocol === 'http:') {
// // The front-end has javascript to refresh the page after the whole
// // thing has been rendered, resulting in an ugly flash. We'll do the
// // redirect server (well, edge) side instead. Note this breaks debugging,
// // which we can fix later because deploys are so fast that we can
// // just YOLO our changes
// return Response.redirect(request.url.replace(/^http/, 'https'), 301);
// }
if (requestPath === '/' && request.method === 'GET') {
originUrl = origin;
home = homePage(originHost);