From c8508f1c943ff93eca6745fe06f6f8a7484d4a7e Mon Sep 17 00:00:00 2001 From: Simon Smith Date: Sat, 17 Sep 2022 12:01:39 +0100 Subject: [PATCH] allow origin header to be relayed --- apprelays.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apprelays.js b/apprelays.js index 59b96827..84de05e0 100644 --- a/apprelays.js +++ b/apprelays.js @@ -282,7 +282,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) { // Construct the HTTP request var request = req.method + ' ' + req.url + ' HTTP/' + req.httpVersion + '\r\n'; - const blockedHeaders = ['origin', 'cookie', 'upgrade-insecure-requests', 'sec-ch-ua', 'sec-ch-ua-mobile', 'dnt', 'sec-fetch-user', 'sec-ch-ua-platform', 'sec-fetch-site', 'sec-fetch-mode', 'sec-fetch-dest']; // These are headers we do not forward + const blockedHeaders = ['cookie', 'upgrade-insecure-requests', 'sec-ch-ua', 'sec-ch-ua-mobile', 'dnt', 'sec-fetch-user', 'sec-ch-ua-platform', 'sec-fetch-site', 'sec-fetch-mode', 'sec-fetch-dest']; // These are headers we do not forward for (var i in req.headers) { if (blockedHeaders.indexOf(i) == -1) { request += i + ': ' + req.headers[i] + '\r\n'; } } var cookieStr = ''; for (var i in parent.webCookies) { if (cookieStr != '') { cookieStr += '; ' } cookieStr += (i + '=' + parent.webCookies[i].value); } @@ -331,7 +331,7 @@ module.exports.CreateWebRelay = function (parent, db, args, domain) { // Construct the HTTP request var request = req.method + ' ' + req.url + ' HTTP/' + req.httpVersion + '\r\n'; - const blockedHeaders = ['origin', 'cookie', 'sec-websocket-extensions']; // These are headers we do not forward + const blockedHeaders = ['cookie', 'sec-websocket-extensions']; // These are headers we do not forward for (var i in req.headers) { if (blockedHeaders.indexOf(i) == -1) { request += i + ': ' + req.headers[i] + '\r\n'; } } var cookieStr = ''; for (var i in parent.webCookies) { if (cookieStr != '') { cookieStr += '; ' } cookieStr += (i + '=' + parent.webCookies[i].value); }