
node-iframe


node-iframe - npm Package Compare versions

Comparing version 1.0.7 to 1.0.8

2

package.json
{
"name": "node-iframe",
"version": "1.0.7",
"version": "1.0.8",
"description": "create a iframe on your server to bypass CORS issues. ( reverse engineer security issues )",

@@ -5,0 +5,0 @@ "main": "src/index.js",

@@ -12,13 +12,29 @@ const isUrl = require("is-url");

// Experimental manipulation
// function manipulateSource(i, src, url) {
// if (src) {
// if (!src.includes(url)) {
// const newSrc = src.replace(/^[/]+/, "");
// src = `${newSrc.includes("http") ? "" : url + "/"}` + newSrc;
// }
// return src;
// }
// return null;
// }
function manipulateSource(i, src, url, $html) {
if (src) {
const isSlash = src[0] === "/";
async function grabData() {
if (isSlash) {
const pathUrl = `${url}${isSlash ? "" : "/"}${src}`;
const scriptCode = await fetch(pathUrl, {
uri: pathUrl,
headers,
});
const scriptText = await scriptCode.text();
$html(`script[src="${src}"]`).html(scriptText);
return true;
}
}
grabData();
return src;
}
return null;
}
async function renderHtml({ url, baseHref }) {

@@ -39,11 +55,12 @@ const cachedHtml = await cache.get(url);

const $html = cheerio.load(html);
// response.headers.has('access-control-allow-origin')
if ($html) {
$html("head").prepend(`<base target="_self" href="${url}">`);
if (typeof baseHref !== "undefined" && baseHref !== "false") {
$html("script").attr("crossorigin", "anonymous");
// $html('script').attr('src', (i, src) =>
// manipulateSource(i, src, url)
// )
// $html('script').attr('crossorigin', 'anonymous')
$html("script").attr("src", (i, src) =>
manipulateSource(i, src, url, $html)
);
// $html('link').attr('href', (i, src) =>

@@ -50,0 +67,0 @@ // manipulateSource(i, src, url)
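Review bot: In `manipulateSource`, `grabData();` is started without being awaited and without a rejection handler, so a failed fetch of a script path taken from the remote page becomes an unhandled rejection, and the inlined text may arrive after the document has been serialized (the serializing code is outside the hunk, so that part is inferred). At minimum attach a handler, `grabData().catch((err) => console.error(err));`, or better collect the promises and await them in `renderHtml` before the HTML is returned. The selector `script[src="${src}"]` interpolates an attribute value that comes from untrusted HTML, so a quote or bracket in `src` can make the selector throw or match a different element; addressing the element by the callback index avoids that: `$html("script").eq(i).html(scriptText);`. A protocol-relative `//host/file.js` also starts with `/` and is appended to `url` as if it were a path, which `const pathUrl = new URL(src, url).href;` would resolve correctly, and the `isSlash ? "" : "/"` ternary inside `if (isSlash)` can never take its second branch.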
