Fix mitmproxy script to deal with multiple origins

This commit is contained in:
Midgard 2020-03-31 13:27:08 +02:00
parent 4db66bb8c0
commit 81751369a1
Signed by: midgard
GPG key ID: 511C112F1331BBB4

View file

@ -4,26 +4,24 @@ from mitmproxy import http
# More information about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS # More information about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
ALLOW_ORIGIN = "http://localhost:8000" ALLOWED_ORIGINS = ["http://localhost:8000"]
ALLOW_HEADERS = "Authorization, *" # Which headers the browser may send ALLOW_HEADERS = "Authorization, *" # Which headers the browser may send
EXPOSE_HEADERS = "Authorization, *" # Which headers the browser may expose to scripts EXPOSE_HEADERS = "Authorization, *" # Which headers the browser may expose to scripts
HIDE_ORIGIN = True
def allowed_origin(origin):
return origin if origin in ALLOWED_ORIGINS else ALLOWED_ORIGINS[0]
def response(flow): def response(flow):
flow.response.headers["Access-Control-Allow-Origin"] = ALLOW_ORIGIN flow.response.headers["Access-Control-Allow-Origin"] = allowed_origin(flow.request.headers["Origin"])
flow.response.headers["Access-Control-Expose-Headers"] = EXPOSE_HEADERS flow.response.headers["Access-Control-Expose-Headers"] = EXPOSE_HEADERS
def request(flow): def request(flow):
# Hijack CORS OPTIONS request # Hijack CORS OPTIONS request
if flow.request.method == "OPTIONS": if flow.request.method == "OPTIONS":
flow.response = http.HTTPResponse.make(200, b"", { flow.response = http.HTTPResponse.make(200, b"", {
"Access-Control-Allow-Origin": ALLOW_ORIGIN, "Access-Control-Allow-Origin": allowed_origin(flow.request.headers["Origin"]),
"Access-Control-Allow-Methods": "GET,POST", "Access-Control-Allow-Methods": "GET,POST",
"Access-Control-Allow-Headers": ALLOW_HEADERS, "Access-Control-Allow-Headers": ALLOW_HEADERS,
"Access-Control-Max-Age": "10" "Access-Control-Max-Age": "10"
}) })
# Privacy
if HIDE_ORIGIN:
flow.request.headers["Origin"] = "null"