From 0c338234f3fdb3136144b504d00afcb62bbeafe5 Mon Sep 17 00:00:00 2001
From: William Hilton <wmhilton@gmail.com>
Date: Fri, 14 Dec 2018 12:13:40 -0500
Subject: [PATCH] feat: allow whitelisting insecure HTTP servers for
 development purposes

---
 README.md | 1 +
 index.js  | 6 ++++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 173cb5a..08c077f 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ cors-proxy stop
 Environment variables:
 - `PORT` the port to listen to (if run with `npm start`)
 - `ALLOW_ORIGIN` the value for the 'Access-Control-Allow-Origin' CORS header
+- `INSECURE_HTTP_ORIGINS` comma separated list of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier)
 
 ## License
 
diff --git a/index.js b/index.js
index 21efd8b..10ab181 100644
--- a/index.js
+++ b/index.js
@@ -3,6 +3,7 @@ const url = require('url')
 const pkg = require('./package.json')
 const {send} = require('micro')
 const origin = process.env.ALLOW_ORIGIN
+const insecure_origins = (process.env.INSECURE_HTTP_ORIGINS || '').split(',')
 const allowHeaders = [
   'accept-encoding',
   'accept-language',
@@ -104,9 +105,10 @@ async function service (req, res) {
   let parts = p.match(/\/([^\/]*)\/(.*)/)
   let pathdomain = parts[1]
   let remainingpath = parts[2]
-  console.log(`https://${pathdomain}/${remainingpath}`)
+  let protocol = insecure_origins.includes(pathdomain) ? 'http' : 'https'
+  console.log(`${protocol}://${pathdomain}/${remainingpath}`)
   let f = await fetch(
-    `https://${pathdomain}/${remainingpath}`,
+    `${protocol}://${pathdomain}/${remainingpath}`,
     {
       method: req.method,
       headers,