feat: allow whitelisting insecure HTTP servers for development purposes

billiegoose · billiegoose · commit 0c338234f3fd · 2018-12-14T12:13:40.000-05:00
diff --git a/README.md b/README.md
@@ -44,6 +44,7 @@ cors-proxy stop
 Environment variables:
 - `PORT` the port to listen to (if run with `npm start`)
 - `ALLOW_ORIGIN` the value for the 'Access-Control-Allow-Origin' CORS header
+- `INSECURE_HTTP_ORIGINS` comma separated list of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier)
 
 ## License
 
diff --git a/index.js b/index.js
@@ -3,6 +3,7 @@ const url = require('url')
 const pkg = require('./package.json')
 const {send} = require('micro')
 const origin = process.env.ALLOW_ORIGIN
+const insecure_origins = (process.env.INSECURE_HTTP_ORIGINS || '').split(',')
 const allowHeaders = [
   'accept-encoding',
   'accept-language',
@@ -104,9 +105,10 @@ async function service (req, res) {
   let parts = p.match(/\/([^\/]*)\/(.*)/)
   let pathdomain = parts[1]
   let remainingpath = parts[2]
-  console.log(`https://${pathdomain}/${remainingpath}`)
+  let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https'
+  console.log(`${protocol}://${pathdomain}/${remainingpath}`)
   let f = await fetch(
-    `https://${pathdomain}/${remainingpath}`,
+    `${protocol}://${pathdomain}/${remainingpath}`,
     {
       method: req.method,
       headers,
