Compare commits

..

2 Commits

View File

@ -41,8 +41,16 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent"> `<div id="pagecontent">
<!--edge side include via cf worker--> <!--edge side include via cf worker-->
${await pageContentResponse.text()} ${await pageContentResponse.text()}
<!--invisible image to establish tm cookie--> <!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" > /Website/Home, then redirects again, explicitly to http. Since Troopmaste also
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie--> <!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker--> <!--End edge side include via cf worker-->
</div>`); </div>`);
@ -103,14 +111,15 @@ async function handleRequest(request) {
const requestPath = requestUrl.pathname; const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`; let originUrl = `${originHost}${requestPath}`;
let home = null; let home = null;
if (requestUrl.protocol === 'http:') { // Cloudflare offers this as a checkbox
// The front-end has javascript to refresh the page after the whole // if (requestUrl.protocol === 'http:') {
// thing has been rendered, resulting in an ugly flash. We'll do the // // The front-end has javascript to refresh the page after the whole
// redirect server (well, edge) side instead. Note this breaks debugging, // // thing has been rendered, resulting in an ugly flash. We'll do the
// which we can fix later because deploys are so fast that we can // // redirect server (well, edge) side instead. Note this breaks debugging,
// just YOLO our changes // // which we can fix later because deploys are so fast that we can
return Response.redirect(request.url.replace(/^http/, 'https'), 301); // // just YOLO our changes
} // return Response.redirect(request.url.replace(/^http/, 'https'), 301);
// }
if (requestPath === '/' && request.method === 'GET') { if (requestPath === '/' && request.method === 'GET') {
originUrl = origin; originUrl = origin;
home = homePage(originHost); home = homePage(originHost);