aboutsummaryrefslogtreecommitdiff
path: root/src/server/server_Initialization.ts
diff options
context:
space:
mode:
Diffstat (limited to 'src/server/server_Initialization.ts')
-rw-r--r--src/server/server_Initialization.ts40
1 files changed, 25 insertions, 15 deletions
diff --git a/src/server/server_Initialization.ts b/src/server/server_Initialization.ts
index 438cde8cf..64f90d76c 100644
--- a/src/server/server_Initialization.ts
+++ b/src/server/server_Initialization.ts
@@ -149,6 +149,9 @@ function registerAuthenticationRoutes(server: express.Express) {
function registerCorsProxy(server: express.Express) {
server.use('/corsProxy', async (req, res) => {
+ res.setHeader('Access-Control-Allow-Origin', '*');
+ res.header('Access-Control-Allow-Methods', 'GET, PUT, PATCH, POST, DELETE');
+ res.header('Access-Control-Allow-Headers', req.header('access-control-request-headers'));
const referer = req.headers.referer ? decodeURIComponent(req.headers.referer) : '';
let requrlraw = decodeURIComponent(req.url.substring(1));
const qsplit = requrlraw.split('?q=');
@@ -171,26 +174,25 @@ function registerCorsProxy(server: express.Express) {
function proxyServe(req: any, requrl: string, response: any) {
const htmlBodyMemoryStream = new (require('memorystream'))();
- var retrieveHTTPBody: any;
var wasinBrFormat = false;
const sendModifiedBody = () => {
const header = response.headers['content-encoding'];
- const httpsToCors = (match: any, href: string, offset: any, string: any) => `href="${resolvedServerUrl + '/corsProxy/http' + href}"`;
- if (header?.includes('gzip')) {
+ const refToCors = (match: any, tag: string, sym: string, href: string, offset: any, string: any) => `${tag}=${sym + resolvedServerUrl}/corsProxy/${href + sym}`;
+ const relpathToCors = (match: any, href: string, offset: any, string: any) => `="${resolvedServerUrl + '/corsProxy/' + decodeURIComponent(req.originalUrl.split('/corsProxy/')[1].match(/https?:\/\/[^\/]*/)?.[0] ?? '') + '/' + href}"`;
+ if (header) {
try {
const bodyStream = htmlBodyMemoryStream.read();
if (bodyStream) {
- const htmlInputText = wasinBrFormat ? Buffer.from(brotli.decompress(bodyStream)) : zlib.gunzipSync(bodyStream);
+ const htmlInputText = wasinBrFormat ? Buffer.from(brotli.decompress(bodyStream)) : header.includes('gzip') ? zlib.gunzipSync(bodyStream) : bodyStream;
const htmlText = htmlInputText
.toString('utf8')
.replace('<head>', '<head> <style>[id ^= "google"] { display: none; } </style>')
- // .replace('<script', '<noscript')
- // .replace('</script', '</noscript')
- .replace(/href="https?([^"]*)"/g, httpsToCors)
+ .replace(/(src|href)=([\'\"])(https?[^\2\n]*)\1/g, refToCors) // replace src or href='http(s)://...' or href="http(s)://.."
+ //.replace(/= *"\/([^"]*)"/g, relpathToCors)
.replace(/data-srcset="[^"]*"/g, '')
.replace(/srcset="[^"]*"/g, '')
.replace(/target="_blank"/g, '');
- response.send(zlib.gzipSync(htmlText));
+ response.send(header?.includes('gzip') ? zlib.gzipSync(htmlText) : htmlText);
} else {
req.pipe(request(requrl)).pipe(response);
console.log('EMPTY body:' + req.url);
@@ -202,10 +204,17 @@ function proxyServe(req: any, requrl: string, response: any) {
req.pipe(htmlBodyMemoryStream).pipe(response);
}
};
- retrieveHTTPBody = () => {
- req.headers.cookie = '';
+ const retrieveHTTPBody = () => {
+ //req.headers.cookie = '';
req.pipe(request(requrl))
- .on('error', (e: any) => console.log(`Malformed CORS url: ${requrl}`, e))
+ .on('error', (e: any) => {
+ console.log(`CORS url error: ${requrl}`, e);
+ response.send(`<html><body bgcolor="red" link="006666" alink="8B4513" vlink="006666">
+ <title>Error</title>
+ <div align="center"><h1>Failed to load: ${requrl} </h1></div>
+ <p>${e}</p>
+ </body></html>`);
+ })
.on('response', (res: any) => {
res.headers;
const headers = Object.keys(res.headers);
@@ -235,9 +244,10 @@ function proxyServe(req: any, requrl: string, response: any) {
function registerEmbeddedBrowseRelativePathHandler(server: express.Express) {
server.use('*', (req, res) => {
+ // res.setHeader('Access-Control-Allow-Origin', '*');
+ // res.header('Access-Control-Allow-Methods', 'GET, PUT, PATCH, POST, DELETE');
+ // res.header('Access-Control-Allow-Headers', req.header('access-control-request-headers'));
const relativeUrl = req.originalUrl;
- // if (req.originalUrl === '/css/main.css' || req.originalUrl === '/favicon.ico') res.end();
- // else
if (!res.headersSent && req.headers.referer?.includes('corsProxy')) {
if (!req.user) res.redirect('/home'); // When no user is logged in, we interpret a relative URL as being a reference to something they don't have access to and redirect to /home
// a request for something by a proxied referrer means it must be a relative reference. So construct a proxied absolute reference here.
@@ -247,8 +257,8 @@ function registerEmbeddedBrowseRelativePathHandler(server: express.Express) {
const actualReferUrl = proxiedRefererUrl.replace(dashServerUrl, ''); // the url of the referer without the proxy (e.g., : https://en.wikipedia.org/wiki/Engelbart)
const absoluteTargetBaseUrl = actualReferUrl.match(/https?:\/\/[^\/]*/)![0]; // the base of the original url (e.g., https://en.wikipedia.org)
const redirectedProxiedUrl = dashServerUrl + encodeURIComponent(absoluteTargetBaseUrl + relativeUrl); // the new proxied full url (e.g., http://localhost:<port>/corsProxy/https://en.wikipedia.org/<somethingelse>)
- if (relativeUrl.startsWith('//')) res.redirect('http:' + relativeUrl);
- else res.redirect(redirectedProxiedUrl);
+ const redirectUrl = relativeUrl.startsWith('//') ? 'http:' + relativeUrl : redirectedProxiedUrl;
+ res.redirect(redirectUrl);
} catch (e) {
console.log('Error embed: ', e);
}
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-10-06 09:18:33 +0000