[tor-commits] [donate/master] Set allowed origin header for onion hosts
peterh at torproject.org
peterh at torproject.org
Tue May 11 21:17:51 UTC 2021
commit 81529a62ee26f07c1fdd1e440bd95873ace6435e
Author: Peter Haight <peterh at giantrabbit.com>
Date: Wed Dec 23 14:13:24 2020 -0800
Set allowed origin header for onion hosts
In order to let us use fetch with credentials (to send cookies), the
allowed origin needs to match the URL for the site using fetch. So if
the request is coming from an onion URL, then assume it's from the onion
donate site.
---
src/AccessControlMiddleware.php | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php
index d900fa63..b8afeb15 100644
--- a/src/AccessControlMiddleware.php
+++ b/src/AccessControlMiddleware.php
@@ -3,8 +3,19 @@
namespace Tor;
class AccessControlMiddleware {
+ const ONION_HOST_MAP = [
+ 'rjrsgw3y2wzqmnvv.onion' => 'http://gsxohj375bk7gjal.onion', # prod
+ 'qbnprwaqyglijwqq.onion' => 'http://y7pm6of53hzeb7u2.onion', # stag
+ 'g2xie2z5bp5f6doi.onion' => 'http://y7pm6of53hzeb7u2.onion', # test
+ ];
+
public function __invoke($request, $response, $next) {
- $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl);
+ $host = reset($request->getHeader('Host'));
+ $allowOriginUrl = $this->torSiteBaseUrl;
+ if (array_key_exists($host, static::ONION_HOST_MAP)) {
+ $allowOriginUrl = static::ONION_HOST_MAP[$host];
+ }
+ $response = $response->withHeader('Access-Control-Allow-Origin', $allowOriginUrl);
$response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
$response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type');
return $next($request, $response);
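Review bot: `reset($request->getHeader('Host'))` in `__invoke` passes a function result to `reset()`, which takes its argument by reference, so PHP raises an "Only variables should be passed by reference" notice on each request; assign first, `$hosts = $request->getHeader('Host');` then `$host = reset($hosts);`. A Host value with a port suffix or different letter case would miss the `ONION_HOST_MAP` keys and fall back to `$this->torSiteBaseUrl`, which is a safe default but would presumably break the credentialed fetch from the onion site, so normalising the value (`strtolower`, strip `:port`) before the lookup may be worth it. Because `Access-Control-Allow-Credentials` is `true`, the constant deserves a comment stating the invariant the code relies on, e.g. `# API onion host => donate-site origin allowed to send credentialed requests; the origin must come only from this fixed map, never from a request-supplied value`. The body of `__invoke` and the class continue past the end of the hunk.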