commit 81529a62ee26f07c1fdd1e440bd95873ace6435e Author: Peter Haight peterh@giantrabbit.com Date: Wed Dec 23 14:13:24 2020 -0800
Set allowed origin header for onion hosts
In order to let us use fetch with credentials (to send cookies), the allowed origin needs to match the URL for the site using fetch. So if the request is coming from an onion URL, then assume it's from the onion donate site. --- src/AccessControlMiddleware.php | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php
index d900fa63..b8afeb15 100644
--- a/src/AccessControlMiddleware.php
+++ b/src/AccessControlMiddleware.php
@@ -3,8 +3,19 @@ namespace Tor;
class AccessControlMiddleware { + const ONION_HOST_MAP = [ + 'rjrsgw3y2wzqmnvv.onion' => 'http://gsxohj375bk7gjal.onion', # prod + 'qbnprwaqyglijwqq.onion' => 'http://y7pm6of53hzeb7u2.onion', # stag + 'g2xie2z5bp5f6doi.onion' => 'http://y7pm6of53hzeb7u2.onion', # test + ]; + public function __invoke($request, $response, $next) { - $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl); + $host = reset($request->getHeader('Host')); + $allowOriginUrl = $this->torSiteBaseUrl; + if (array_key_exists($host, static::ONION_HOST_MAP)) { + $allowOriginUrl = static::ONION_HOST_MAP[$host]; + } + $response = $response->withHeader('Access-Control-Allow-Origin', $allowOriginUrl); $response = $response->withHeader('Access-Control-Allow-Credentials', 'true'); $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type'); return $next($request, $response);
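Review bot: In `__invoke`, `reset($request->getHeader('Host'))` passes a function result to `reset()`, which takes its argument by reference, so PHP raises an "Only variables should be passed by reference" notice on each request and `$host` becomes `false` when no Host header is present. Assuming `$request` is a PSR-7 request, as the `getHeader`/`withHeader` calls suggest, `$host = strtolower($request->getHeaderLine('Host'));` avoids both and makes the map lookup case-insensitive. A Host value that carries a port would still miss `ONION_HOST_MAP` and fall back to `$this->torSiteBaseUrl`, which fails closed. Because `Access-Control-Allow-Credentials` is `true`, a comment above the map such as `# Fixed allowlist: never echo the request's Host or Origin into Access-Control-Allow-Origin` would record why the header must only ever come from these constants. The stag and test entries map to the same origin, which is worth confirming as intended; the body of `__invoke` closes outside this hunk.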