lobo/cloudflare-troopmaster
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: lobo:eeb2b590c3d3c228d048c75fcba6d25d055aa3cc
Branches Tags
lobo:master
..
compare: lobo:c9692a8fc5cefa3c04a75d57fe742d01409738c8
Branches Tags
lobo:master

2 Commits
eeb2b590c3 ... c9692a8fc5

Author SHA1 Message Date
Emil Lerch
c9692a8fc5
document the tragedy that is tmweb... 2020-04-23 17:04:01 -07:00
Emil Lerch
d3f0eeb66b
comment http redirection, as this is handled by CF. Leave code as a reminder of the checkbox 2020-04-23 17:03:31 -07:00
1 changed files with 19 additions and 10 deletions
Show Stats Expand all files Collapse all files

29
index.js
View File

@ -41,8 +41,16 @@ async function modifyBody(pageContentTextPromise, originalResponse) {
`<div id="pagecontent"> `<div id="pagecontent">
<!--edge side include via cf worker--> <!--edge side include via cf worker-->
${await pageContentResponse.text()} ${await pageContentResponse.text()}
<!--invisible image to establish tm cookie--> <!--invisible image to establish tm cookie. Note that troopmaster redirects this https to
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}" height="1" width="1" style="opacity:0" > /Website/Home, then redirects again, explicitly to http. Since Troopmaste also
doesn't respect CORS, our only way to establish a cookie for login is with this image
tag that eventually will try to fetch an http resource, but we can't tell the browser
here to avoid redirects (we don't want the "image", only the cookie). as if that's not
enough, javascript on /Website/Home actually checks for http and does a
**CLIENT SIDE REDIRECT BACK TO HTTPS**, resulting in a wild flash that we just
avoid with a simple 302 (first in this worker, then back as a checkbox on the
CloudFlare dashboard. Seriously, people...I don't know whether to laugh or cry -->
<img src="https://tmweb.troopmaster.com/mysite/${TMSITENAME}?Home" height="1" width="1" style="opacity:0" >
<!--end invisible image to establish tm cookie--> <!--end invisible image to establish tm cookie-->
<!--End edge side include via cf worker--> <!--End edge side include via cf worker-->
</div>`); </div>`);
@ -103,14 +111,15 @@ async function handleRequest(request) {
const requestPath = requestUrl.pathname; const requestPath = requestUrl.pathname;
let originUrl = `${originHost}${requestPath}`; let originUrl = `${originHost}${requestPath}`;
let home = null; let home = null;
if (requestUrl.protocol === 'http:') { // Cloudflare offers this as a checkbox
// The front-end has javascript to refresh the page after the whole // if (requestUrl.protocol === 'http:') {
// thing has been rendered, resulting in an ugly flash. We'll do the // // The front-end has javascript to refresh the page after the whole
// redirect server (well, edge) side instead. Note this breaks debugging, // // thing has been rendered, resulting in an ugly flash. We'll do the
// which we can fix later because deploys are so fast that we can // // redirect server (well, edge) side instead. Note this breaks debugging,
// just YOLO our changes // // which we can fix later because deploys are so fast that we can
return Response.redirect(request.url.replace(/^http/, 'https'), 301); // // just YOLO our changes
} // return Response.redirect(request.url.replace(/^http/, 'https'), 301);
// }
if (requestPath === '/' && request.method === 'GET') { if (requestPath === '/' && request.method === 'GET') {
originUrl = origin; originUrl = origin;
home = homePage(originHost); home = homePage(originHost);