Compare commits
2 Commits
eeb2b590c3
...
c9692a8fc5
Author | SHA1 | Date | |
---|---|---|---|
c9692a8fc5 | |||
d3f0eeb66b |
29
index.js
29
index.js
|
@ -41,8 +41,16 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
|
|||
`<div id="pagecontent">
|
||||
<!--edge side include via cf worker-->
|
||||
${await pageContentResponse.text()}
|
||||
<!--invisible image to establish tm cookie-->
|
||||
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" >
|
||||
<!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
|
||||
/Website/Home, then redirects again, explicitly to http. Since Troopmaste also
|
||||
doesn't respect CORS, our only way to establish a cookie for login is with this image
|
||||
tag that eventually will try to fetch an http resource, but we can't tell the browser
|
||||
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
|
||||
enough, javascript on /Website/Home actually checks for http and does a
|
||||
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
|
||||
avoid with a simple 302 (first in this worker, then back as a checkbox on the
|
||||
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
|
||||
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
|
||||
<!--end invisible image to establish tm cookie-->
|
||||
<!--End edge side include via cf worker-->
|
||||
</div>`);
|
||||
|
@ -103,14 +111,15 @@ async function handleRequest(request) {
|
|||
const requestPath = requestUrl.pathname;
|
||||
let originUrl = `${originHost}${requestPath}`;
|
||||
let home = null;
|
||||
if (requestUrl.protocol === 'http:') {
|
||||
// The front-end has javascript to refresh the page after the whole
|
||||
// thing has been rendered, resulting in an ugly flash. We'll do the
|
||||
// redirect server (well, edge) side instead. Note this breaks debugging,
|
||||
// which we can fix later because deploys are so fast that we can
|
||||
// just YOLO our changes
|
||||
return Response.redirect(request.url.replace(/^http/, 'https'), 301);
|
||||
}
|
||||
// Cloudflare offers this as a checkbox
|
||||
// if (requestUrl.protocol === 'http:') {
|
||||
// // The front-end has javascript to refresh the page after the whole
|
||||
// // thing has been rendered, resulting in an ugly flash. We'll do the
|
||||
// // redirect server (well, edge) side instead. Note this breaks debugging,
|
||||
// // which we can fix later because deploys are so fast that we can
|
||||
// // just YOLO our changes
|
||||
// return Response.redirect(request.url.replace(/^http/, 'https'), 301);
|
||||
// }
|
||||
if (requestPath === '/' && request.method === 'GET') {
|
||||
originUrl = origin;
|
||||
home = homePage(originHost);
|
||||
|
|
Loading…
Reference in New Issue
Block a user