bugfix: 解决success、abort、redirect拦截器跨域问题。

wangliang181230 · wangliang181230 · commit b582ac63adb0 · 2025-05-09T17:06:45.000+08:00
diff --git a/packages/mitmproxy/src/lib/interceptor/impl/req/abort.js b/packages/mitmproxy/src/lib/interceptor/impl/req/abort.js
@@ -5,10 +5,18 @@ module.exports = {
     const { rOptions, log } = context
 
     if (interceptOpt.abort === true || interceptOpt.abort === 'true') {
-      res.writeHead(403, {
+      const headers = {
         'Content-Type': 'text/plain; charset=utf-8',
         'DS-Interceptor': 'abort',
-      })
+      }
+
+      // headers.Access-Control-Allow-*：避免跨域问题
+      if (rOptions.headers.origin) {
+        headers['Access-Control-Allow-Credentials'] = 'true'
+        headers['Access-Control-Allow-Origin'] = rOptions.headers.origin
+      }
+
+      res.writeHead(403, headers)
       res.write(
         'DevSidecar 403: Request abort.\n\n'
         + '  This request is matched by abort intercept.\n\n'
diff --git a/packages/mitmproxy/src/lib/interceptor/impl/req/redirect.js b/packages/mitmproxy/src/lib/interceptor/impl/req/redirect.js
@@ -9,10 +9,18 @@ module.exports = {
     // 获取重定向目标地址
     const redirect = proxyApi.buildTargetUrl(rOptions, interceptOpt.redirect, interceptOpt, matched)
 
-    res.writeHead(302, {
+    const headers = {
       'Location': redirect,
       'DS-Interceptor': 'redirect',
-    })
+    }
+
+    // headers.Access-Control-Allow-*：避免跨域问题
+    if (rOptions.headers.origin) {
+      headers['Access-Control-Allow-Credentials'] = 'true'
+      headers['Access-Control-Allow-Origin'] = rOptions.headers.origin
+    }
+
+    res.writeHead(302, headers)
     res.end()
 
     const url = `${rOptions.method} ➜ ${rOptions.protocol}//${rOptions.hostname}:${rOptions.port}${req.url}`
diff --git a/packages/mitmproxy/src/lib/interceptor/impl/req/success.js b/packages/mitmproxy/src/lib/interceptor/impl/req/success.js
@@ -5,10 +5,18 @@ module.exports = {
     const { rOptions, log } = context
 
     if (interceptOpt.success === true || interceptOpt.success === 'true') {
-      res.writeHead(200, {
+      const headers = {
         'Content-Type': 'text/plain; charset=utf-8',
         'DS-Interceptor': 'success',
-      })
+      }
+
+      // headers.Access-Control-Allow-*：避免跨域问题
+      if (rOptions.headers.origin) {
+        headers['Access-Control-Allow-Credentials'] = 'true'
+        headers['Access-Control-Allow-Origin'] = rOptions.headers.origin
+      }
+
+      res.writeHead(200, headers)
       res.write(
         'DevSidecar 200: Request success.\n\n'
         + '  This request is matched by success intercept.\n\n'
