cruss-agent 1.0.6 → 1.0.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cruss-agent",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "description": "Local API relay for Cruss — test localhost APIs from cruss-ten.vercel.app",
   "main": "server.js",
   "bin": {

package/server.js

@@ -6,14 +6,24 @@ const https = require('https')
 const url   = require('url')
 
 const PORT    = 9119
-const VERSION = '1.0.6'
-
+const VERSION = '1.0.7'
+
+// ── CORS ─────────────────────────────────────────────────────────────────
+// Access-Control-Allow-Private-Network is required by Chrome 104+ (PNA policy).
+// When an HTTPS page (e.g. cruss-ten.vercel.app) makes a non-simple request
+// (POST with Content-Type: application/json) to localhost, Chrome first sends
+// an OPTIONS preflight with "Access-Control-Request-Private-Network: true".
+// The agent MUST respond with "Access-Control-Allow-Private-Network: true"
+// or Chrome silently blocks the actual request. GET /health works without it
+// because simple GET requests bypass the PNA preflight — which is exactly
+// why health checks passed but POST /proxy was never received.
 function corsHeaders() {
   return {
-    'Access-Control-Allow-Origin':  '*',
-    'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-    'Access-Control-Allow-Headers': '*',
-    'Access-Control-Max-Age':       '86400',
+    'Access-Control-Allow-Origin':          '*',
+    'Access-Control-Allow-Methods':         'GET, POST, OPTIONS',
+    'Access-Control-Allow-Headers':         '*',
+    'Access-Control-Allow-Private-Network': 'true',
+    'Access-Control-Max-Age':               '86400',
   }
 }
 
@@ -50,9 +60,7 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
       headers: outHeaders,
       timeout: 30000,
     }
-
     console.log(`  → trying ${hostname}:${resolvedPort}${path || '/'}`)
-
     const t0  = Date.now()
     const req = lib.request(options, res => {
       const chunks = []
@@ -64,7 +72,7 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
         const respHeaders = {}
         for (const [k, v] of Object.entries(res.headers || {})) {
           if (!['access-control-allow-origin','access-control-allow-headers',
-                'access-control-allow-methods'].includes(k.toLowerCase())) {
+                'access-control-allow-methods','access-control-allow-private-network'].includes(k.toLowerCase())) {
             respHeaders[k] = Array.isArray(v) ? v.join(', ') : v
           }
         }
@@ -91,33 +99,25 @@ function proxyOnce(hostname, port, path, method, outHeaders, body, isHttps) {
 async function proxyRequest(targetUrl, method, reqHeaders, body) {
   const parsed  = url.parse(targetUrl)
   const isHttps = parsed.protocol === 'https:'
-
   const outHeaders = {}
   for (const [k, v] of Object.entries(reqHeaders || {})) {
     if (!HOP_BY_HOP.has(k.toLowerCase())) outHeaders[k] = v
   }
-
   const candidates = loopbackCandidates(parsed.hostname)
   console.log(`\n  [${new Date().toISOString()}] ${method} ${targetUrl}`)
   console.log(`  candidates: ${candidates.join(', ')}`)
-
   let lastErr
   for (const host of candidates) {
     try {
       return await proxyOnce(host, parsed.port, parsed.path, method, outHeaders, body, isHttps)
     } catch (err) {
       lastErr = err
-      if (err.code !== 'ECONNREFUSED' && err.code !== 'EADDRNOTAVAIL') {
-        console.log(`  ✗ fatal error: ${err.message}`)
-        throw err
-      }
+      if (err.code !== 'ECONNREFUSED' && err.code !== 'EADDRNOTAVAIL') throw err
     }
   }
-
   const port = parsed.port || (isHttps ? 443 : 80)
   throw new Error(
-    `Connection refused on all addresses (${candidates.join(', ')}) port ${port}. ` +
-    `Is your server running on port ${port}?`
+    `Connection refused on all addresses (${candidates.join(', ')}) port ${port}. Is your server running on port ${port}?`
   )
 }
 
@@ -125,8 +125,14 @@ const server = http.createServer(async (req, res) => {
   const cors    = corsHeaders()
   const reqPath = url.parse(req.url).pathname
 
+  // Log ALL incoming requests so we can see preflights
+  console.log(`  [${req.method}] ${reqPath} — origin: ${req.headers['origin'] || '(none)'} pna: ${req.headers['access-control-request-private-network'] || 'no'}`)
+
   if (req.method === 'OPTIONS') {
-    res.writeHead(204, cors); res.end(); return
+    console.log(`  ← preflight OK`)
+    res.writeHead(204, cors)
+    res.end()
+    return
   }
 
   function send(status, body) {
@@ -135,7 +141,6 @@ const server = http.createServer(async (req, res) => {
   }
 
   if (req.method === 'GET' && reqPath === '/health') {
-    console.log(`  [health check] OK`)
     send(200, { ok: true, version: VERSION, agent: 'cruss-agent', port: PORT })
     return
   }
@@ -145,14 +150,12 @@ const server = http.createServer(async (req, res) => {
     try {
       payload = JSON.parse(await readBody(req))
     } catch {
-      send(400, { error: 'Request body must be valid JSON' }); return
+      send(400, { error: 'Request body must be valid JSON' })
+      return
     }
-
     const { method, url: targetUrl, headers, body } = payload || {}
-
     if (!targetUrl || typeof targetUrl !== 'string') { send(400, { error: 'url is required' }); return }
     if (!method   || typeof method   !== 'string')   { send(400, { error: 'method is required' }); return }
-
     try {
       const result = await proxyRequest(targetUrl, method, headers || {}, body)
       send(200, { data: result })
@@ -180,7 +183,7 @@ server.listen(PORT, '0.0.0.0', () => {
   console.log('  ║   Ctrl+C to stop                      ║')
   console.log('  ╚═══════════════════════════════════════╝')
   console.log('')
-  console.log('  Waiting for requests... (all activity logged below)')
+  console.log('  All requests logged below.')
   console.log('')
 })