var http = require('http'),
config = require('./config').config;
////////////////
// CORS proxy //
////////////////
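/**
 * CORS proxy: forwards each request to `<subdomain>.<config.couch.parentDomain>`
 * on `config.couch.port`, where <subdomain> is the first label of the incoming
 * Host header, and adds CORS response headers so browser clients on other
 * origins can read the reply. Preflight (OPTIONS) requests are answered
 * locally and never reach the upstream server.
 */

var CORS_ALLOW_METHODS = 'GET, PUT, POST, DELETE';
var CORS_ALLOW_HEADERS = 'authorization,content-type,Content-Length,gdata-version,slug,x-upload-content-length,x-upload-content-type';

// The subdomain is client-controlled (it comes from the Host header) and is
// used to build the upstream hostname, so only a single DNS label is accepted.
var SUBDOMAIN_PATTERN = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/i;

// Headers whose values are credentials and must never be written to the log.
var SENSITIVE_HEADERS = {
  'authorization': true,
  'proxy-authorization': true,
  'cookie': true,
  'set-cookie': true
};

/**
 * Returns a shallow copy of a header map.
 * @param {Object} headers - header name to value map
 * @returns {Object} a new object with the same own properties
 */
function copyHeaders(headers) {
  var copy = {};
  Object.keys(headers).forEach(function (name) {
    copy[name] = headers[name];
  });
  return copy;
}

/**
 * Returns a copy of a header map that is safe to log: credential-bearing
 * headers are replaced by a fixed marker.
 * @param {Object} headers - header name to value map
 * @returns {Object} redacted copy
 */
function redactHeaders(headers) {
  var safe = {};
  Object.keys(headers).forEach(function (name) {
    var isSensitive = Object.prototype.hasOwnProperty.call(SENSITIVE_HEADERS, name.toLowerCase());
    safe[name] = isSensitive ? '[redacted]' : headers[name];
  });
  return safe;
}

/**
 * Rewrites a `Bearer <token>` Authorization value to `Basic <token>`.
 * Any other scheme is returned untouched; blindly cutting off the first
 * seven characters would corrupt a value that is already `Basic ...`.
 * @param {string} value - incoming Authorization header value
 * @returns {string} value to forward upstream
 */
function bearerToBasic(value) {
  if (typeof value !== 'string') {
    return value;
  }
  var match = /^Bearer\s+(.+)$/i.exec(value);
  return match ? 'Basic ' + match[1] : value;
}

/**
 * Adds the CORS response headers to `headers` (mutated in place) and returns it.
 * @param {Object} headers - response header map to extend
 * @param {http.IncomingMessage} req - the client request
 * @returns {Object} the same `headers` object
 */
function addCorsHeaders(headers, req) {
  // Node lower-cases incoming header names, so the key is 'origin'; looking
  // up 'Origin' always yields undefined.
  var origin = req.headers.origin;
  if (origin) {
    // NOTE(review): echoing whatever Origin the client sent together with
    // Allow-Credentials lets every website make credentialed requests through
    // this proxy. If cookie or session auth is reachable through it, compare
    // `origin` against an allow-list of trusted origins before echoing it.
    headers['Access-Control-Allow-Origin'] = origin;
    headers['Access-Control-Allow-Credentials'] = 'true';
    // The response now differs per Origin, so shared caches must key on it.
    headers['vary'] = headers['vary'] ? headers['vary'] + ', Origin' : 'Origin';
  } else {
    // '*' combined with Allow-Credentials is rejected by browsers, so the
    // credentials header is only sent alongside a concrete origin.
    headers['Access-Control-Allow-Origin'] = '*';
  }
  headers['Access-Control-Allow-Methods'] = CORS_ALLOW_METHODS;
  headers['Access-Control-Allow-Headers'] = CORS_ALLOW_HEADERS;
  return headers;
}

http.createServer(function (req, res) {
  var hostHeader = req.headers.host;
  var subdomain = typeof hostHeader === 'string' ? hostHeader.split('.')[0] : '';
  if (!SUBDOMAIN_PATTERN.test(subdomain)) {
    // A missing Host header used to throw here; a malformed one would have
    // been spliced into the upstream hostname. The value is not echoed into
    // the log because it is attacker-controlled.
    console.log('rejected request: missing or invalid Host header');
    req.resume();
    res.writeHead(400, addCorsHeaders({}, req));
    res.end();
    return;
  }
  console.log('detected subdomain "' + subdomain + '"');

  // Collect the body as raw bytes; concatenating chunks into a string would
  // decode them as UTF-8 and corrupt binary uploads.
  var bodyChunks = [];
  req.on('data', function (chunk) {
    bodyChunks.push(chunk);
    // Bodies can carry credentials and user documents: log sizes only.
    console.log('A:' + chunk.length + ' bytes');
  });

  req.on('end', function () {
    console.log('A:END');

    if (req.method == 'OPTIONS') {
      // should maybe get a base set from remote?
      res.writeHead(200, addCorsHeaders({}, req));
      res.end();
      return;
    }

    var upstreamHost = subdomain + '.' + config.couch.parentDomain;
    var forwardHeaders = copyHeaders(req.headers);
    // Stop the remote server getting confused trying to serve a vhost for the
    // proxy's url instead of its own one.
    forwardHeaders.host = upstreamHost;
    // Works because of how our bearer tokens relate to our CouchDb passwords:
    // the token is forwarded unchanged as the Basic credential, which is why
    // it must never be logged.
    if (forwardHeaders['authorization']) {
      forwardHeaders['authorization'] = bearerToBasic(forwardHeaders['authorization']);
    }

    var options = {
      'host': upstreamHost,
      'port': config.couch.port,
      'method': req.method,
      'path': req.url,
      'headers': forwardHeaders
    };
    console.log('\nB.OPTIONS:' + JSON.stringify({
      'host': options.host,
      'port': options.port,
      'method': options.method,
      'path': options.path,
      'headers': redactHeaders(forwardHeaders)
    }));

    var upstreamReq = http.request(options, function (upstreamRes) {
      var responseHeaders = addCorsHeaders(upstreamRes.headers, req);
      console.log('\nC.HEADERS:' + JSON.stringify(redactHeaders(responseHeaders)));
      res.writeHead(upstreamRes.statusCode, responseHeaders);

      // Relay raw bytes so the upstream Content-Length stays accurate and
      // binary responses are not mangled by a UTF-8 round trip.
      var responseChunks = [];
      upstreamRes.on('data', function (chunk) {
        responseChunks.push(chunk);
      });
      upstreamRes.on('end', function () {
        var responseBody = Buffer.concat(responseChunks);
        console.log('\nC.DATA:' + responseBody.length + ' bytes');
        res.end(responseBody);
      });
    });

    // Without a listener, a refused connection or DNS failure raises an
    // unhandled 'error' event and takes the whole proxy down.
    upstreamReq.on('error', function (err) {
      console.log('upstream request failed: ' + err.message);
      if (!res.headersSent) {
        res.writeHead(502, addCorsHeaders({}, req));
      }
      res.end();
    });

    var requestBody = Buffer.concat(bodyChunks);
    console.log('B.DATA:' + requestBody.length + ' bytes');
    upstreamReq.end(requestBody);
  });
}).listen(config.backends.proxy);
console.log('listening on ' + config.backends.proxy);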