From f2dae21f4de37d1c6bae45413d0e60cdf5673c68 Mon Sep 17 00:00:00 2001 From: yize Date: Fri, 13 Jul 2018 00:51:53 +0800 Subject: [PATCH] fix: local file maybe block by origin null --- package.json | 2 +- src/background.js | 5 +++++ src/defaultData.json | 12 +++++++++++ src/forward.js | 49 ++++++++++++++++++++++++++++++++++++-------- src/manifest.json | 2 +- test/index.spec.js | 12 +++++------ 6 files changed, 66 insertions(+), 16 deletions(-) create mode 100644 src/defaultData.json diff --git a/package.json b/package.json index 9680922..b84ed70 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "xswitch", "description": "A proxy tool based on Chrome.extensions", "author": "yize", - "version": "1.6.0", + "version": "1.6.1", "main": "src/background.js", "dependencies": { "monaco-editor": "^0.13.1" diff --git a/src/background.js b/src/background.js index c4958bf..a088a12 100644 --- a/src/background.js +++ b/src/background.js @@ -81,3 +81,8 @@ chrome.webRequest.onBeforeRequest.addListener( chrome.webRequest.onHeadersReceived.addListener(details=>window.onHeadersReceivedCallback(details), { urls: [''] }, ["blocking", "responseHeaders"]); + +chrome.webRequest.onBeforeSendHeaders.addListener( + details=>window.onBeforeSendHeadersCallback(details), + {urls: [""]}, + ["blocking", "requestHeaders"]); \ No newline at end of file diff --git a/src/defaultData.json b/src/defaultData.json new file mode 100644 index 0000000..24bf7dd --- /dev/null +++ b/src/defaultData.json @@ -0,0 +1,12 @@ +{ + "proxy": [ + [ + "//alinw.alicdn.com/platform/daily-test/isDaily.js", + "//alinw.alicdn.com/platform/daily-test/isDaily.json" + ], + [ + "alinw.alicdn.com", + "g.alicdn.com" + ] + ] +} \ No newline at end of file diff --git a/src/forward.js b/src/forward.js index 982d97e..c4a16f7 100644 --- a/src/forward.js +++ b/src/forward.js 
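Review bot: The `onBeforeSendHeaders` listener added to src/background.js is registered with `"blocking"`, but the callback this commit adds in src/forward.js only reads the `Origin` header and returns `details.requestHeaders` unchanged. A blocking listener sits synchronously in the path of every request it matches, so an observe-only registration such as `["requestHeaders"]` should be enough and keeps the extension out of the request path. The URL filter appears on this page as an empty string, probably lost in extraction, so confirm the intended scope and whether it can be narrowed to the hosts named in the proxy rules. A one-line comment such as `// read-only: records Origin for the CORS rewrite in onHeadersReceived` would explain why the listener exists.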
@@ -2,30 +2,49 @@ window.lastRequestId = null; window.proxyConfig = {}; window.urls = new Array(200); // for cache window.isString = string => ({}.toString.call(string) === '[object String]'); +window.originRequestId = null; +window.originValue = null; //Breaking the CORS Limitation window.onHeadersReceivedCallback = details => { + if (window.proxyDisabled == 'disabled') { return {}; } let resHeaders = []; - if(details.responseHeaders && details.responseHeaders.filter){ - resHeaders = details.responseHeaders.filter((responseHeader) => { - return !~responseHeader.name.toLowerCase().indexOf('access-control-allow'); - }) + if (details.responseHeaders && details.responseHeaders.filter) { + resHeaders = details.responseHeaders.filter(responseHeader => { + if ( + [ + 'access-control-allow-origin', + 'access-control-allow-credentials', + 'access-control-allow-methods' + ].indexOf(responseHeader.name.toLowerCase()) < 0 + ) { + return true; + } + return false; + }); } - - resHeaders.push({ name: 'Access-Control-Allow-Origin', value: details.initiator || '*' }); + + resHeaders.push({ + name: 'Access-Control-Allow-Origin', + // when Origin has value null, CORS header must be null. + value: (window.originRequestId === details.requestId ? window.originValue : details.initiator) || '*' + }); resHeaders.push({ name: 'Access-Control-Allow-Credentials', value: 'true' }); - resHeaders.push({ name: 'Access-Control-Allow-Headers', value: 'x-requested-with,Content-Type' }); + resHeaders.push({ + name: 'Access-Control-Allow-Methods', + value: '*' + }); return { responseHeaders: resHeaders }; }; -window.redirectToMatchingRule = (details) => { +window.redirectToMatchingRule = details => { const rules = window.proxyConfig.proxy; let redirectUrl = details.url; 
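Review bot: The rewritten `Access-Control-Allow-Origin` in `onHeadersReceivedCallback` echoes the captured `Origin`, now including the literal `null`, alongside `Access-Control-Allow-Credentials: true`, and nothing in the visible callback limits this to requests that a proxy rule actually redirected. While the extension is enabled, that relaxes the same-origin policy for every response the listener covers, and `null` is shared by sandboxed frames, `data:` documents and local files, so it identifies no particular page. Consider returning `{}` unless the request matched a rule, and stating the trade-off in the comment, e.g. `// reflects Origin with credentials: only safe for requests a rule redirected`. Separately, browsers treat `Access-Control-Allow-Methods: *` as a literal method name on credentialed requests, and the commit no longer injects `Access-Control-Allow-Headers`, so preflights that passed before may now fail when the server sends no such header. `redirectToMatchingRule` continues outside the hunk.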
@@ -66,8 +85,22 @@ window.redirectToMatchingRule = (details) => { } catch (e) { console.error('rule match error', e); } + window.lastRequestId = details.requestId; return redirectUrl === details.url ? {} : { redirectUrl }; }; +window.onBeforeSendHeadersCallback = function (details) { + for (var i = 0; i < details.requestHeaders.length; ++i) { + + if (details.requestHeaders[i].name === 'Origin') { + window.originRequestId = details.requestId; + window.originValue = details.requestHeaders[i].value; + break; + } + } + + return { requestHeaders: details.requestHeaders }; +} + window.onBeforeRequestCallback = details => redirectToMatchingRule(details); diff --git a/src/manifest.json b/src/manifest.json index 1ef13b7..e0dc8f1 100644 --- a/src/manifest.json +++ b/src/manifest.json @@ -2,7 +2,7 @@ "name": "XSwitch", "description": "XSwitch tools for proxy web request url, support reg", "short_name": "xs", - "version": "1.6.0", + "version": "1.6.1", "manifest_version": 2, "browser_action": { "default_icon": "images/grey_128.png", diff --git a/test/index.spec.js b/test/index.spec.js index 5e713b8..489e53f 100644 --- a/test/index.spec.js +++ b/test/index.spec.js @@ -452,8 +452,8 @@ describe('CORS without Access-Control-Allow-Origin', () => { value: 'true' }, { - name: 'Access-Control-Allow-Headers', - value: 'x-requested-with,Content-Type' + name: 'Access-Control-Allow-Methods', + value: '*' } ]; expect( @@ -660,8 +660,8 @@ describe('CORS withCredentials', () => { value: 'true' }, { - name: 'Access-Control-Allow-Headers', - value: 'x-requested-with,Content-Type' + name: 'Access-Control-Allow-Methods', + value: '*' } ]; expect( @@ -683,8 +683,8 @@ describe('CORS withCredentials and no proxyConfig', () => { value: 'true' }, { - name: 'Access-Control-Allow-Headers', - value: 'x-requested-with,Content-Type' + name: 'Access-Control-Allow-Methods', + value: '*' } ]); });
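Review bot: `window.originRequestId` and `window.originValue` form a single slot, so when requests overlap, the next `onBeforeSendHeadersCallback` call overwrites the pair before the earlier response arrives, and `onHeadersReceivedCallback` then falls back to `details.initiator`, which is the case this commit is meant to fix. Keying the captured value by `details.requestId` removes the race; the reader in the first src/forward.js hunk would then look up and delete the entry for its own request id, and entries for requests that never receive headers need clearing too. The header name is also compared case-sensitively with `'Origin'`, although HTTP header names are case-insensitive. The property name in the sketch below is constructed for illustration.

```javascript
// constructed sketch: one entry per in-flight request instead of a single slot
window.originByRequestId = new Map();

window.onBeforeSendHeadersCallback = function (details) {
  const originHeader = (details.requestHeaders || []).find(
    header => header.name.toLowerCase() === 'origin'
  );
  if (originHeader) {
    window.originByRequestId.set(details.requestId, originHeader.value);
  }
  return { requestHeaders: details.requestHeaders };
};
// … unchanged: window.onBeforeRequestCallback …
```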
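Review bot: None of the updated expectations covers the behaviour this commit introduces; the three hunks in test/index.spec.js only replace the `Access-Control-Allow-Headers` expectation with `Access-Control-Allow-Methods: *`. A case that calls `window.onBeforeSendHeadersCallback` with an `Origin` request header of `null` and then asserts that `window.onHeadersReceivedCallback` returns `Access-Control-Allow-Origin: null` for the same `requestId`, and falls back to `details.initiator` for a different one, would pin the fix. A second case with `window.proxyDisabled` set to `'disabled'` would cover the new early return. The enclosing `describe` blocks start and end outside the hunks.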