
[tor-commits] [donate/master] Set allowed origin header for onion hosts



commit 81529a62ee26f07c1fdd1e440bd95873ace6435e
Author: Peter Haight <peterh@xxxxxxxxxxxxxxx>
Date:   Wed Dec 23 14:13:24 2020 -0800

    Set allowed origin header for onion hosts
    
    In order to let us use fetch with credentials (to send cookies), the
    allowed origin needs to match the URL for the site using fetch. So if
    the request is coming from an onion URL, then assume it's from the onion
    donate site.
---
 src/AccessControlMiddleware.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/AccessControlMiddleware.php b/src/AccessControlMiddleware.php
index d900fa63..b8afeb15 100644
--- a/src/AccessControlMiddleware.php
+++ b/src/AccessControlMiddleware.php
@@ -3,8 +3,19 @@
 namespace Tor;
 
 class AccessControlMiddleware {
+  const ONION_HOST_MAP = [
+    'rjrsgw3y2wzqmnvv.onion' => 'http://gsxohj375bk7gjal.onion', # prod
+    'qbnprwaqyglijwqq.onion' => 'http://y7pm6of53hzeb7u2.onion', # stag
+    'g2xie2z5bp5f6doi.onion' => 'http://y7pm6of53hzeb7u2.onion', # test
+  ];
+
   public function __invoke($request, $response, $next) {
-    $response = $response->withHeader('Access-Control-Allow-Origin', $this->torSiteBaseUrl);
+    $host = reset($request->getHeader('Host'));
+    $allowOriginUrl = $this->torSiteBaseUrl;
+    if (array_key_exists($host, static::ONION_HOST_MAP)) {
+      $allowOriginUrl = static::ONION_HOST_MAP[$host];
+    }
+    $response = $response->withHeader('Access-Control-Allow-Origin', $allowOriginUrl);
     $response = $response->withHeader('Access-Control-Allow-Credentials', 'true');
     $response = $response->withHeader('Access-Control-Allow-Headers', 'Content-Type');
     return $next($request, $response);
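Review bot: `reset($request->getHeader('Host'))` on the first added line of `__invoke` passes a function result to a by-reference parameter, so PHP raises an "Only variables should be passed by reference" notice on every request, and `$host` becomes `false` when the header is absent. The lookup is also an exact string match, so a Host value with an explicit port or different letter case would presumably miss `ONION_HOST_MAP` and fall back to `$this->torSiteBaseUrl`, which makes the browser reject the credentialed fetch from the onion site. I would read the header into a variable and normalise it, e.g. `$hosts = $request->getHeader('Host');` then `$host = strtolower($hosts[0] ?? '');`, stripping any `:port` suffix if the deployment can send one. It is also worth a comment on `ONION_HOST_MAP` stating that keys are the API's onion hosts, values are the matching site origins, and that the allowed origin must always come from this fixed map and never be echoed from the request, since `Access-Control-Allow-Credentials` is `true`. The body of `__invoke` continues past the end of the hunk.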
