document the tragedy that is tmweb...

comment http redirection, as this is handled by CF. Leave code as a reminder of the checkbox
2020-04-23 17:04:01 -07:00 · 2020-04-23 17:03:31 -07:00
1 changed files with 19 additions and 10 deletions
--- a/index.js
+++ b/index.js
@ -41,8 +41,16 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
        `<div id="pagecontent">
          <!--edge side include via cf worker-->
          ${await pageContentResponse.text()}
-          <!--invisible image to establish tm cookie-->
-          <img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" >
+          <!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
+              /Website/Home, then redirects again, explicitly to http. Since Troopmaste also
+              doesn't respect CORS, our only way to establish a cookie for login is with this image
+              tag that eventually will try to fetch an http resource, but we can't tell the browser
+              here to avoid redirects (we don't want the "image", only the cookie). as if that's not
+              enough, javascript on /Website/Home actually checks for http and does a
+              **CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
+              avoid with a simple 302 (first in this worker, then back as a checkbox on the
+              CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
+          <img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
          <!--end invisible image to establish tm cookie-->
          <!--End edge side include via cf worker-->
         </div>`);
@ -103,14 +111,15 @@ async function handleRequest(request) {
    const requestPath = requestUrl.pathname;
    let originUrl = `${originHost}${requestPath}`;
    let home = null;
-    if (requestUrl.protocol === 'http:') {
-      // The front-end has javascript to refresh the page after the whole
-      // thing has been rendered, resulting in an ugly flash. We'll do the
-      // redirect server (well, edge) side instead. Note this breaks debugging,
-      // which we can fix later because deploys are so fast that we can
-      // just YOLO our changes
-      return Response.redirect(request.url.replace(/^http/, 'https'), 301);
-    }
+    // Cloudflare offers this as a checkbox
+    // if (requestUrl.protocol === 'http:') {
+    //   // The front-end has javascript to refresh the page after the whole
+    //   // thing has been rendered, resulting in an ugly flash. We'll do the
+    //   // redirect server (well, edge) side instead. Note this breaks debugging,
+    //   // which we can fix later because deploys are so fast that we can
+    //   // just YOLO our changes
+    //   return Response.redirect(request.url.replace(/^http/, 'https'), 301);
+    // }
    if (requestPath === '/' && request.method === 'GET') {
      originUrl = origin;
      home = homePage(originHost);
Author	SHA1	Message	Date
Emil Lerch	c9692a8fc5	document the tragedy that is tmweb...	2020-04-23 17:04:01 -07:00
Emil Lerch	d3f0eeb66b	comment http redirection, as this is handled by CF. Leave code as a reminder of the checkbox	2020-04-23 17:03:31 -07:00