bugfix: OPTIONS 拦截器，在正式请求中缺少响应头 `'Access-Control-Allow-Credentials': …

…'true'` 的问题修复。
docmirror · Nov 28, 2024 · 51366cf · 51366cf
1 parent 13741d3
commit 51366cf
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 52 deletions.
diff --git a/packages/mitmproxy/src/lib/interceptor/impl/res/AfterOPTIONSHeaders.js b/packages/mitmproxy/src/lib/interceptor/impl/res/AfterOPTIONSHeaders.js
@@ -1,24 +1,28 @@
 const responseReplaceApi = require('./responseReplace')
 
 module.exports = {
-  name: 'OPTIONSHeaders',
+  name: 'AfterOPTIONSHeaders',
   desc: '开启了options.js功能时，正常请求时，会需要增加响应头 `Access-Control-Allow-Origin: xxx`',
   priority: 201,
   responseIntercept (context, interceptOpt, req, res, proxyReq, proxyRes, ssl, next) {
     const { rOptions, log } = context
 
-    if (rOptions.method === 'OPTIONS') {
+    if (rOptions.method === 'OPTIONS' || rOptions.headers.origin == null) {
       return
     }
 
     const headers = {
+      'Access-Control-Allow-Credentials': 'true',
       'Access-Control-Allow-Origin': rOptions.headers.origin,
     }
 
+    res.setHeader('DS-AfterOPTIONSHeaders-Interceptor', '1')
+
     // 替换响应头
     if (responseReplaceApi.replaceResponseHeaders({ ...headers }, res, proxyRes)) {
-      res.setHeader('DS-AfterOPTIONSHeaders-Interceptor', rOptions.headers.origin)
       log.info('AfterOPTIONSHeaders intercept:', JSON.stringify(headers))
+    } else {
+      res.setHeader('DS-AfterOPTIONSHeaders-Interceptor', '0')
     }
   },
   is (interceptOpt) {

diff --git a/packages/mitmproxy/src/lib/interceptor/impl/res/responseReplace.js b/packages/mitmproxy/src/lib/interceptor/impl/res/responseReplace.js
@@ -5,62 +5,62 @@ const REMOVE = '[remove]'
 
 // 替换响应头
 function replaceResponseHeaders (newHeaders, res, proxyRes) {
-  if (newHeaders && !lodash.isEmpty(newHeaders)) {
-    // 响应头Key统一转小写
-    for (const headerKey in newHeaders) {
-      if (headerKey === headerKey.toLowerCase()) {
-        continue
-      }
+  if (!newHeaders || lodash.isEmpty(newHeaders)) {
+    return null
+  }
 
-      const value = newHeaders[headerKey]
-      delete newHeaders[headerKey]
-      newHeaders[headerKey.toLowerCase()] = value
+  // 响应头Key统一转小写
+  for (const headerKey in newHeaders) {
+    if (headerKey === headerKey.toLowerCase()) {
+      continue
     }
 
-    // 原先响应头
-    const preHeaders = {}
+    const value = newHeaders[headerKey]
+    delete newHeaders[headerKey]
+    newHeaders[headerKey.toLowerCase()] = value
+  }
 
-    // 替换响应头
-    const needDeleteKeys = []
-    for (let i = 0; i < proxyRes.rawHeaders.length; i += 2) {
-      const headerKey = proxyRes.rawHeaders[i].toLowerCase()
-
-      const newHeaderValue = newHeaders[headerKey]
-      if (newHeaderValue) {
-        if (newHeaderValue !== proxyRes.rawHeaders[i + 1]) {
-          preHeaders[headerKey] = proxyRes.rawHeaders[i + 1] // 先保存原先响应头
-          if (newHeaderValue === REMOVE) { // 由于拦截配置中不允许配置null，会被删，所以配置一个 "[remove]"，当作删除响应头的意思
-            proxyRes.rawHeaders[i + 1] = ''
-          } else {
-            proxyRes.rawHeaders[i + 1] = newHeaderValue
-          }
+  // 原先响应头
+  const preHeaders = {}
+
+  // 替换响应头
+  const needDeleteKeys = []
+  for (let i = 0; i < proxyRes.rawHeaders.length; i += 2) {
+    const headerKey = proxyRes.rawHeaders[i].toLowerCase()
+
+    const newHeaderValue = newHeaders[headerKey]
+    if (newHeaderValue) {
+      if (newHeaderValue !== proxyRes.rawHeaders[i + 1]) {
+        preHeaders[headerKey] = proxyRes.rawHeaders[i + 1] // 先保存原先响应头
+        if (newHeaderValue === REMOVE) { // 由于拦截配置中不允许配置null，会被删，所以配置一个 "[remove]"，当作删除响应头的意思
+          proxyRes.rawHeaders[i + 1] = ''
+        } else {
+          proxyRes.rawHeaders[i + 1] = newHeaderValue
         }
-        needDeleteKeys.push(headerKey)
       }
+      needDeleteKeys.push(headerKey)
     }
-    // 处理删除响应头
-    for (const headerKey of needDeleteKeys) {
-      delete newHeaders[headerKey]
-    }
-    // 新增响应头
-    for (const headerKey in newHeaders) {
-      const headerValue = newHeaders[headerKey]
-      if (headerValue == null || headerValue === REMOVE) {
-        continue
-      }
-
-      res.setHeader(headerKey, newHeaders[headerKey])
-      preHeaders[headerKey] = null // 标记原先响应头为null
+  }
+  // 处理删除响应头
+  for (const headerKey of needDeleteKeys) {
+    delete newHeaders[headerKey]
+  }
+  // 新增响应头
+  for (const headerKey in newHeaders) {
+    const headerValue = newHeaders[headerKey]
+    if (headerValue == null || headerValue === REMOVE) {
+      continue
     }
 
-    if (lodash.isEmpty(preHeaders)) {
-      return null
-    }
-    // 返回原先响应头
-    return preHeaders
+    res.setHeader(headerKey, newHeaders[headerKey])
+    preHeaders[headerKey] = null // 标记原先响应头为null
   }
 
-  return null
+  if (lodash.isEmpty(preHeaders)) {
+    return null
+  }
+  // 返回原先响应头
+  return preHeaders
 }
 
 module.exports = {

diff --git a/packages/mitmproxy/src/lib/interceptor/index.js b/packages/mitmproxy/src/lib/interceptor/index.js
@@ -15,7 +15,7 @@ const unVerifySsl = require('./impl/req/unVerifySsl')
 const baiduOcr = require('./impl/req/baiduOcr')
 
 // response interceptor impls
-const OPTIONSHeaders = require('./impl/res/AfterOPTIONSHeaders')
+const AfterOPTIONSHeaders = require('./impl/res/AfterOPTIONSHeaders')
 const cacheRes = require('./impl/res/cacheRes')
 const responseReplace = require('./impl/res/responseReplace')
 
@@ -30,6 +30,6 @@ module.exports = [
   baiduOcr,
 
   // response interceptor impls
-  OPTIONSHeaders, cacheRes, responseReplace,
+  AfterOPTIONSHeaders, cacheRes, responseReplace,
   script,
 ]
diff --git a/packages/mitmproxy/test/lib/interceptor/impl/res/responseReplaceTest.js b/packages/mitmproxy/test/lib/interceptor/impl/res/responseReplaceTest.js
@@ -13,8 +13,8 @@ const proxyRes = {
     'Content-Length', '2',
     'ETag', 'W/"2"',
     'Date', 'Thu, 01 Jan 1970 00:00:00 GMT',
-    'Connection', 'keep-alive'
-  ]
+    'Connection', 'keep-alive',
+  ],
 }
 
 const newHeaders = {