dev-ahmedhany/cloudflare-worker-website-proxy.js

## cloudflare-worker-website-proxy.js

// We support the GET, POST, HEAD, and OPTIONS methods from any origin,
// and allow any header on requests. These headers must be present
// on all responses to all CORS preflight requests. In practice, this means
// all responses to OPTIONS requests.
const corsHeaders = {
  "Access-Control-Allow-Origin": "https://medium.dev-ahmedhany.workers.dev",
  "Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
  "Access-Control-Max-Age": "86400",
}


// The rest of this snippet for the demo page
async function rawHtmlResponse(html) {
  return new Response(html, {
    headers: {
      "content-type": "text/html;charset=UTF-8",
    },
  })
}


async function handleRequest(request) {
  const url = new URL(request.url)
  let apiUrl = url.pathname;

  if (apiUrl == null) {
     apiUrl = "/"
  }
  apiUrl = apiUrl.slice(1)
  apiUrl = apiUrl.replace("https:","https:/")

  if(!apiUrl.startsWith("https://")){
      apiUrl = "https://medium.com/" + apiUrl
  }

  // Rewrite request to point to API url. This also makes the request mutable
  // so we can add the correct Origin header to make the API server think
  // that this request isn't cross-site.
  request = new Request(apiUrl, request)
  request.headers.set("Origin", new URL(apiUrl).origin)

  let response = await fetch(request)

   if(response.status >= 300 && response.status <= 400){
     // Clone the response so that it's no longer immutable
  const newResponse = new Response(response.body, response);
 const l = response.headers.get("Location")
  newResponse.headers.delete('Location');
      newResponse.headers.set("Location","https://medium.dev-ahmedhany.workers.dev/"+l)
      return newResponse
   }

  const res = await response.text()
  console.log(res)
  const final = res.replace(/https:\/\/medium\.com/gi,"https://medium.dev-ahmedhany.workers.dev")

  // Recreate the response so we can modify the headers
  response = new Response(final, response)

  // Set CORS headers
  response.headers.set("Access-Control-Allow-Origin", "https://medium.dev-ahmedhany.workers.dev")

  // Append to/Add Vary header so browser will cache response correctly
  // response.headers.append("Vary", "Origin")

  return response
}

function handleOptions(request) {
  // Make sure the necessary headers are present
  // for this to be a valid pre-flight request
  let headers = request.headers;
  if (
    headers.get("Origin") !== null &&
    headers.get("Access-Control-Request-Method") !== null &&
    headers.get("Access-Control-Request-Headers") !== null
  ){
    // Handle CORS pre-flight request.
    // If you want to check or reject the requested method + headers
    // you can do that here.
    let respHeaders = {
      ...corsHeaders,
    // Allow all future content Request headers to go back to browser
    // such as Authorization (Bearer) or X-Client-Name-Version
      "Access-Control-Allow-Headers": request.headers.get("Access-Control-Request-Headers"),
    }

    return new Response(null, {
      headers: respHeaders,
    })
  }
  else {
    // Handle standard OPTIONS request.
    // If you want to allow other HTTP Methods, you can do that here.
    return new Response(null, {
      headers: {
        Allow: "GET, HEAD, POST, OPTIONS",
      },
    })
  }
}

addEventListener("fetch", event => {
  const request = event.request
  const url = new URL(request.url)

    if (request.method === "OPTIONS") {
      // Handle CORS preflight requests
      event.respondWith(handleOptions(request))
    }
    else if(
      request.method === "GET" ||
      request.method === "HEAD" ||
      request.method === "POST"
    ){
      // Handle requests to the API server
      event.respondWith(handleRequest(request))
    }
    else {
      event.respondWith(
        new Response(null, {
          status: 405,
          statusText: "Method Not Allowed",
        }),
      )
    }
})

	// We support the GET, POST, HEAD, and OPTIONS methods from any origin,
	// and allow any header on requests. These headers must be present
	// on all responses to all CORS preflight requests. In practice, this means
	// all responses to OPTIONS requests.
	const corsHeaders = {
	"Access-Control-Allow-Origin": "https://medium.dev-ahmedhany.workers.dev",
	"Access-Control-Allow-Methods": "GET,HEAD,POST,OPTIONS",
	"Access-Control-Max-Age": "86400",
	}



	// The rest of this snippet for the demo page
	async function rawHtmlResponse(html) {
	return new Response(html, {
	headers: {
	"content-type": "text/html;charset=UTF-8",
	},
	})
	}


	async function handleRequest(request) {
	const url = new URL(request.url)
	let apiUrl = url.pathname;

	if (apiUrl == null) {
	apiUrl = "/"
	}
	apiUrl = apiUrl.slice(1)
	apiUrl = apiUrl.replace("https:","https:/")

	if(!apiUrl.startsWith("https://")){
	apiUrl = "https://medium.com/" + apiUrl
	}

	// Rewrite request to point to API url. This also makes the request mutable
	// so we can add the correct Origin header to make the API server think
	// that this request isn't cross-site.
	request = new Request(apiUrl, request)
	request.headers.set("Origin", new URL(apiUrl).origin)

	let response = await fetch(request)

	if(response.status >= 300 && response.status <= 400){
	// Clone the response so that it's no longer immutable
	const newResponse = new Response(response.body, response);
	const l = response.headers.get("Location")
	newResponse.headers.delete('Location');
	newResponse.headers.set("Location","https://medium.dev-ahmedhany.workers.dev/"+l)
	return newResponse
	}

	const res = await response.text()
	console.log(res)
	const final = res.replace(/https:\/\/medium\.com/gi,"https://medium.dev-ahmedhany.workers.dev")

	// Recreate the response so we can modify the headers
	response = new Response(final, response)

	// Set CORS headers
	response.headers.set("Access-Control-Allow-Origin", "https://medium.dev-ahmedhany.workers.dev")

	// Append to/Add Vary header so browser will cache response correctly
	// response.headers.append("Vary", "Origin")

	return response
	}

	function handleOptions(request) {
	// Make sure the necessary headers are present
	// for this to be a valid pre-flight request
	let headers = request.headers;
	if (
	headers.get("Origin") !== null &&
	headers.get("Access-Control-Request-Method") !== null &&
	headers.get("Access-Control-Request-Headers") !== null
	){
	// Handle CORS pre-flight request.
	// If you want to check or reject the requested method + headers
	// you can do that here.
	let respHeaders = {
	...corsHeaders,
	// Allow all future content Request headers to go back to browser
	// such as Authorization (Bearer) or X-Client-Name-Version
	"Access-Control-Allow-Headers": request.headers.get("Access-Control-Request-Headers"),
	}

	return new Response(null, {
	headers: respHeaders,
	})
	}
	else {
	// Handle standard OPTIONS request.
	// If you want to allow other HTTP Methods, you can do that here.
	return new Response(null, {
	headers: {
	Allow: "GET, HEAD, POST, OPTIONS",
	},
	})
	}
	}

	addEventListener("fetch", event => {
	const request = event.request
	const url = new URL(request.url)

	if (request.method === "OPTIONS") {
	// Handle CORS preflight requests
	event.respondWith(handleOptions(request))
	}
	else if(
	request.method === "GET" \|\|
	request.method === "HEAD" \|\|
	request.method === "POST"
	){
	// Handle requests to the API server
	event.respondWith(handleRequest(request))
	}
	else {
	event.respondWith(
	new Response(null, {
	status: 405,
	statusText: "Method Not Allowed",
	}),
	)
	}
	})