Fix CORS: make mitmproxy intercept OPTIONS

Mattermost doesn't support OPTIONS so we have to handle it in our proxy.
This commit is contained in:
Midgard 2020-03-25 22:10:19 +01:00
parent 71290cdc02
commit 87808a3ffe
Signed by: midgard
GPG key ID: 511C112F1331BBB4
3 changed files with 48 additions and 0 deletions

5
.gitignore vendored Normal file
View file

@ -0,0 +1,5 @@
__pycache__/
.mypy_cache/
*.pyc
*.bak
*~

29
etc/mitm_cors.py Normal file
View file

@ -0,0 +1,29 @@
# Script for mitmproxy, used in ../rundev.sh. Not meant to be run directly.
from mitmproxy import http
# More information about CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
ALLOW_ORIGIN = "http://localhost:8000"
ALLOW_HEADERS = "Authorization, *" # Which headers the browser may send
EXPOSE_HEADERS = "Authorization, *" # Which headers the browser may expose to scripts
HIDE_ORIGIN = True
def response(flow):
flow.response.headers["Access-Control-Allow-Origin"] = ALLOW_ORIGIN
flow.response.headers["Access-Control-Expose-Headers"] = EXPOSE_HEADERS
def request(flow):
# Hijack CORS OPTIONS request
if flow.request.method == "OPTIONS":
flow.response = http.HTTPResponse.make(200, b"", {
"Access-Control-Allow-Origin": ALLOW_ORIGIN,
"Access-Control-Allow-Methods": "GET,POST",
"Access-Control-Allow-Headers": ALLOW_HEADERS,
"Access-Control-Max-Age": "10"
})
# Privacy
if HIDE_ORIGIN:
flow.request.headers["Origin"] = "null"

14
rundev.sh Executable file
View file

@ -0,0 +1,14 @@
#!/bin/bash
MATTERMOST_REMOTE="https://mattermost.zeus.gent"
if [[ $MATTERMOST_REMOTE == */ ]]; then
echo "MATTERMOST_REMOTE should not end with a slash (it should only the protocol and the domain; no path)" >&2
exit 1
fi
cd "$(dirname "$0")"
python3 -m "http.server" >/dev/null 2>&1 &
mitmproxy -s etc/mitm_cors.py -m "reverse:$MATTERMOST_REMOTE"