Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add setting to spoof URLs in network requests #1486

Open
Herschel opened this issue Nov 4, 2020 · 4 comments
Open

Add setting to spoof URLs in network requests #1486

Herschel opened this issue Nov 4, 2020 · 4 comments

Comments

@Herschel
Copy link
Member

Herschel commented Nov 4, 2020

Add a setting to pattern match and replace URLs in network requests. By default we currently auto-upgrade HTTP to HTTPS, but a more general URL-rewrite mechanism would be useful.

This could be used as a workaround for issues with CORS, allowing files to be loaded from a different location than was originally coded into the SWF, and allow for redirecting dead services to a new reimplementation (Mochi high scores, etc.).

SamMorrowDrums added a commit to SamMorrowDrums/ruffle that referenced this issue Dec 11, 2020
web: Fix cors issues with http (close ruffle-rs#1486)
Herschel pushed a commit to SamMorrowDrums/ruffle that referenced this issue Dec 14, 2020
@Herschel
Copy link
Member Author

Re-opening because it would still be useful to allow more advanced URL spoofing, although it's not as pressing with upgradeToHttps implemented.

@AyrA
Copy link

AyrA commented Jan 30, 2023

I'm also interested in this.

Just saying, that as a temporary solution until this is properly implemented, you can simply hijack the fetch calls:

(function (originalFetch) {
	const changeUrl = function (url) {
		//TODO: Check url parameter and modify as needed
		return url;
	};
	window.fetch = function () {
		let a = Array.from(arguments);
		if (typeof(a[0]) === "string") {
			//Argument to fetch() call is a raw URL string
			a[0] = changeUrl(a[0]);
		} else if (a[0] && typeof(a[0].url) === "string") {
			//Argument to fetch() call is a request object
			//HACK: This replaces the entire request object with an URL
			//      because the Request.url property is readonly.
			//      This is appropriate for GET requests only.
			const changedUrl = changeUrl(a[0].url);
			if (changedUrl !== a[0].url) {
				a[0] = changedUrl;
			}
		}
		return originalFetch.apply(window, a);
	};
})(window.fetch);

This code is good enough to rewrite simple GET requests which is usually sufficient to redirect requests that pull resources at runtime. For true interception you would need to reproduce the request object, but I'm not sure if you can reliably do that for POST requests with body data.

@woeterman94
Copy link

I'm also interested in this.

Just saying, that as a temporary solution until this is properly implemented, you can simply hijack the fetch calls:

(function (originalFetch) {
	const changeUrl = function (url) {
		//TODO: Check url parameter and modify as needed
		return url;
	};
	window.fetch = function () {
		let a = Array.from(arguments);
		if (typeof(a[0]) === "string") {
			//Argument to fetch() call is a raw URL string
			a[0] = changeUrl(a[0]);
		} else if (a[0] && typeof(a[0].url) === "string") {
			//Argument to fetch() call is a request object
			//HACK: This replaces the entire request object with an URL
			//      because the Request.url property is readonly.
			//      This is appropriate for GET requests only.
			const changedUrl = changeUrl(a[0].url);
			if (changedUrl !== a[0].url) {
				a[0] = changedUrl;
			}
		}
		return originalFetch.apply(window, a);
	};
})(window.fetch);

This code is good enough to rewrite simple GET requests which is usually sufficient to redirect requests that pull resources at runtime. For true interception you would need to reproduce the request object, but I'm not sure if you can reliably do that for POST requests with body data.

Looks cool! Please tell me more: where and how exactly should I implement this code?

@AyrA
Copy link

AyrA commented Aug 6, 2024

Looks cool! Please tell me more: where and how exactly should I implement this code?

Peferrably hardcoded in a script tag that appears very early in the page, or at least before ruffle is loaded.
You then replace the "TODO" comment with your custom logic that inspects the URL parameter, and replaces it if necessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants