Fix mitmproxy script to deal with multiple origins

etc/mitm_cors.py

@@ -4,26 +4,24 @@ from mitmproxy import http
 
 # More information about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
 
-ALLOW_ORIGIN = "http://localhost:8000"
+ALLOWED_ORIGINS = ["http://localhost:8000"]
 ALLOW_HEADERS  = "Authorization, *" # Which headers the browser may send
 EXPOSE_HEADERS = "Authorization, *" # Which headers the browser may expose to scripts
-HIDE_ORIGIN = True
 
 
+def allowed_origin(origin):
+	return origin if origin in ALLOWED_ORIGINS else ALLOWED_ORIGINS[0]
+
 def response(flow):
-	flow.response.headers["Access-Control-Allow-Origin"] = ALLOW_ORIGIN
+	flow.response.headers["Access-Control-Allow-Origin"] = allowed_origin(flow.request.headers["Origin"])
 	flow.response.headers["Access-Control-Expose-Headers"] = EXPOSE_HEADERS
 
 def request(flow):
 	# Hijack CORS OPTIONS request
 	if flow.request.method == "OPTIONS":
 		flow.response = http.HTTPResponse.make(200, b"", {
-			"Access-Control-Allow-Origin": ALLOW_ORIGIN,
+			"Access-Control-Allow-Origin": allowed_origin(flow.request.headers["Origin"]),
 			"Access-Control-Allow-Methods": "GET,POST",
 			"Access-Control-Allow-Headers": ALLOW_HEADERS,
 			"Access-Control-Max-Age": "10"
 		})
-
-	# Privacy
-	if HIDE_ORIGIN:
-		flow.request.headers["Origin"] = "null"