Skip CORS Anywhere for AMO endpoints that support CORS (#92)

Verified with add-ons at addons-dev.allizom.org, but does not work with addons.mozilla.org yet, because the prod CDN still needs to be updated: https://bugzilla.mozilla.org/show_bug.cgi?id=1620084#c5
Rob--W · May 17, 2020 · dbcdb82 · dbcdb82
1 parent 651d448
commit dbcdb82
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/src/cws_pattern.js b/src/cws_pattern.js
@@ -197,13 +197,30 @@ function get_amo_slug(url) {
     }
 }
 
+function is_cors_enabled_download_url(url) {
+    if (
+        // We're only interested in XPI files from AMO,
+        // which supports CORS as of March 2020:
+        // https://github.com/mozilla/addons-server/issues/9118
+        // The following matches the whole AMO domain, including non-CORS
+        // endpoints. That's fine since we only care about XPI URLs.
+        amo_domain_pattern.test(url) ||
+        // The full redirect chain should also allow CORS, including the CDN:
+        // https://bugzilla.mozilla.org/show_bug.cgi?id=1620084
+        amo_xpi_cdn_pattern.test(url)
+    ) {
+        return true;
+    }
+    return false;
+}
+
 // Some environments enforce restrictions on the URLs that can be accessed.
 // This function rewrites the input URL to one that should serve exactly the
 // same result as the requested URL, sans restrictions.
 function get_equivalent_download_url(url) {
     var requestUrl = url;
 //#if WEB
-    if (/^https?:/.test(url)) {
+    if (/^https?:/.test(url) && !is_cors_enabled_download_url(url)) {
         // Proxy request through CORS Anywhere.
         requestUrl = 'https://cors-anywhere.herokuapp.com/' + url;
     }