fix: local file maybe block by origin null

Author: yize

package.json

@@ -2,7 +2,7 @@
   "name": "xswitch",
   "description": "A proxy tool based on Chrome.extensions",
   "author": "yize",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "main": "src/background.js",
   "dependencies": {
     "monaco-editor": "^0.13.1"

src/background.js

@@ -81,3 +81,8 @@ chrome.webRequest.onBeforeRequest.addListener(
 chrome.webRequest.onHeadersReceived.addListener(details=>window.onHeadersReceivedCallback(details), {
   urls: ['<all_urls>']
 }, ["blocking", "responseHeaders"]);
+
+chrome.webRequest.onBeforeSendHeaders.addListener(
+  details=>window.onBeforeSendHeadersCallback(details),
+  {urls: ["<all_urls>"]},
+  ["blocking", "requestHeaders"]);

src/defaultData.json

@@ -0,0 +1,12 @@
+{
+  "proxy": [
+    [
+      "//alinw.alicdn.com/platform/daily-test/isDaily.js",
+      "//alinw.alicdn.com/platform/daily-test/isDaily.json"
+    ],
+    [
+      "alinw.alicdn.com",
+      "g.alicdn.com"
+    ]
+  ]
+}

src/forward.js

@@ -2,30 +2,49 @@ window.lastRequestId = null;
 window.proxyConfig = {};
 window.urls = new Array(200); // for cache
 window.isString = string => ({}.toString.call(string) === '[object String]');
+window.originRequestId = null;
+window.originValue = null;
 
 //Breaking the CORS Limitation
 window.onHeadersReceivedCallback = details => {
+
   if (window.proxyDisabled == 'disabled') {
     return {};
   }
 
   let resHeaders = [];
-  if(details.responseHeaders && details.responseHeaders.filter){
-    resHeaders = details.responseHeaders.filter((responseHeader) => {
-      return !~responseHeader.name.toLowerCase().indexOf('access-control-allow');
-    })
+  if (details.responseHeaders && details.responseHeaders.filter) {
+    resHeaders = details.responseHeaders.filter(responseHeader => {
+      if (
+        [
+          'access-control-allow-origin',
+          'access-control-allow-credentials',
+          'access-control-allow-methods'
+        ].indexOf(responseHeader.name.toLowerCase()) < 0
+      ) {
+        return true;
+      }
+      return false;
+    });
   }
-  
-  resHeaders.push({ name: 'Access-Control-Allow-Origin', value: details.initiator || '*' });
+
+  resHeaders.push({
+    name: 'Access-Control-Allow-Origin',
+    // when Origin has value null, CORS header must be null.
+    value: (window.originRequestId === details.requestId ? window.originValue : details.initiator) || '*'
+  });
   resHeaders.push({ name: 'Access-Control-Allow-Credentials', value: 'true' });
-  resHeaders.push({ name: 'Access-Control-Allow-Headers', value: 'x-requested-with,Content-Type' });
+  resHeaders.push({
+    name: 'Access-Control-Allow-Methods',
+    value: '*'
+  });
 
   return {
     responseHeaders: resHeaders
   };
 };
 
-window.redirectToMatchingRule = (details) => {
+window.redirectToMatchingRule = details => {
   const rules = window.proxyConfig.proxy;
   let redirectUrl = details.url;
 
@@ -66,8 +85,22 @@ window.redirectToMatchingRule = (details) => {
   } catch (e) {
     console.error('rule match error', e);
   }
+
   window.lastRequestId = details.requestId;
   return redirectUrl === details.url ? {} : { redirectUrl };
 };
 
+window.onBeforeSendHeadersCallback = function (details) {
+  for (var i = 0; i < details.requestHeaders.length; ++i) {
+
+    if (details.requestHeaders[i].name === 'Origin') {
+      window.originRequestId = details.requestId;
+      window.originValue = details.requestHeaders[i].value;
+      break;
+    }
+  }
+
+  return { requestHeaders: details.requestHeaders };
+}
+
 window.onBeforeRequestCallback = details => redirectToMatchingRule(details);

src/manifest.json

@@ -2,7 +2,7 @@
   "name": "XSwitch",
   "description": "XSwitch tools for proxy web request url, support reg",
   "short_name": "xs",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "manifest_version": 2,
   "browser_action": {
     "default_icon": "images/grey_128.png",

test/index.spec.js

@@ -452,8 +452,8 @@ describe('CORS without Access-Control-Allow-Origin', () => {
         value: 'true'
       },
       {
-        name: 'Access-Control-Allow-Headers',
-        value: 'x-requested-with,Content-Type'
+        name: 'Access-Control-Allow-Methods',
+        value: '*'
       }
     ];
     expect(
@@ -660,8 +660,8 @@ describe('CORS withCredentials', () => {
         value: 'true'
       },
       {
-        name: 'Access-Control-Allow-Headers',
-        value: 'x-requested-with,Content-Type'
+        name: 'Access-Control-Allow-Methods',
+        value: '*'
       }
     ];
     expect(
@@ -683,8 +683,8 @@ describe('CORS withCredentials and no proxyConfig', () => {
         value: 'true'
       },
       {
-        name: 'Access-Control-Allow-Headers',
-        value: 'x-requested-with,Content-Type'
+        name: 'Access-Control-Allow-Methods',
+        value: '*'
       }
     ]);
   });