diff --git a/bin/verifier b/bin/verifier
index 305642f54d79e519b9dd3cfc98b46b2796f506bc..ee641c35c429e4e58d2de1dff525cbc27fb719fe 100755
--- a/bin/verifier
+++ b/bin/verifier
@@ -80,15 +80,6 @@ app.post('/verify', function(req, resp, next) {
 if (!(assertion && audience)) return resp.json({ status: "failure", reason: "need assertion and audience" });
- // FIXME: remove this eventually
- resp.setHeader('Access-Control-Allow-Origin', '*');
- if (req.method === 'OPTIONS') {
- resp.setHeader('Access-Control-Allow-Methods', 'POST, GET');
- resp.writeHead(200);
- resp.end();
- return;
- }
-
 certassertion.verify( assertion, audience, function(email, audienceFromAssertion, expires, issuer) {
diff --git a/example/index.html b/example/index.html
index 2b258e7c52cd1b38a553122f52f88e82954784f8..c4f48ecc4e22d98a02c1b3c082fe33487f104fa5 100644
--- a/example/index.html
+++ b/example/index.html
@@ -100,7 +100,7 @@ a:hover { border-bottom: 2px solid black ; }
 $("#oVerificationRequest").empty().text("POST " + url + "\n" + JSON.stringify(data));
 $.ajax({
- url: "https://browserid.org/verify",
+ url: "/process_assertion",
 type: "post",
 dataType: "json",
 data: data,
diff --git a/scripts/serve_example.js b/scripts/serve_example.js
index 904081830eca2f7392ede8c1d7434c488d402b01..7e16f58a5d067ecbce8d4a540ca51c9dc55b1182 100755
--- a/scripts/serve_example.js
+++ b/scripts/serve_example.js
@@ -5,11 +5,12 @@ const express = require('express'),
 path = require('path'),
 urlparse = require('urlparse'),
-postprocess = require('postprocess');
+postprocess = require('postprocess'),
+querystring = require('querystring');
 var exampleServer = express.createServer();
-exampleServer.use(express.logger());
+exampleServer.use(express.logger({ format: 'dev' }));
 if (process.env['BROWSERID_URL']) {
 var burl = urlparse(process.env['BROWSERID_URL']).validate().normalize().originOnly().toString();
@@ -22,6 +23,56 @@ if (process.env['BROWSERID_URL']) {
 exampleServer.use(express.static(path.join(__dirname, "..", "example")));
+exampleServer.use(express.bodyParser());
+
+exampleServer.post('/process_assertion', function(req, res, next) {
+ var verifier = urlparse(process.env['VERIFIER_URL']);
+ var meth = verifier.scheme === 'http' ? require('http') : require('https');
+
+ var vreq = meth.request({
+ host: verifier.host,
+ port: verifier.port,
+ path: verifier.path,
+ method: 'POST'
+ }, function(vres) {
+ var body = "";
+ vres.on('data', function(chunk) { body+=chunk; } )
+ .on('end', function() {
+ try {
+ console.log(body);
+ var verifierResp = JSON.parse(body);
+ var valid = verifierResp && verifierResp.status === "okay";
+ var email = valid ? verifierResp.email : null;
+ if (valid) {
+ console.log("assertion verified successfully for email:", email);
+ } else {
+ console.log("failed to verify assertion:", verifierResp.reason);
+ }
+ res.json(verifierResp);
+ } catch(e) {
+ console.log("non-JSON response from verifier");
+ // bogus response from verifier! return null
+ res.json(null);
+ }
+ });
+ });
+ vreq.setHeader('Content-Type', 'application/x-www-form-urlencoded');
+
+ // An "audience" argument is embedded in the assertion and must match our hostname.
+ // Because this one server runs on multiple different domain names we just use
+ // the host parameter out of the request.
+ var audience = req.headers['host'] ? req.headers['host'] : localHostname;
+ var data = querystring.stringify({
+ assertion: req.body.assertion,
+ audience: audience
+ });
+ vreq.setHeader('Content-Length', data.length);
+ vreq.write(data);
+ vreq.end();
+ console.log("verifying assertion!");
+
+});
+
 exampleServer.listen( process.env['PORT'] || 10001, process.env['HOST'] || process.env['IP_ADDRESS'] || "127.0.0.1",
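Review bot: The audience passed to the verifier in the new `/process_assertion` handler comes straight from `req.headers['host']`, which the client chooses, so the audience check no longer ties an assertion to a site this server actually serves. Because example code tends to be copied, the handler should compare the header against a configured list of host names before contacting the verifier. The fallback `localHostname` is not defined anywhere in the lines shown, so a request without a Host header would presumably throw a ReferenceError. `vreq` also has no `'error'` listener, so an unreachable verifier raises an unhandled error event instead of returning a failure response. The handler lies entirely inside this hunk.

```javascript
exampleServer.post('/process_assertion', function(req, res, next) {
  // The Host header is client-supplied: accept it as the audience only when it
  // names a site this server is configured for (ALLOWED_AUDIENCES is a suggested name).
  var allowed = (process.env['ALLOWED_AUDIENCES'] || '').split(',');
  var audience = req.headers['host'];
  if (!audience || allowed.indexOf(audience) === -1) {
    return res.json({ status: "failure", reason: "unexpected audience" });
  }
  // … unchanged: verifier URL parsing, meth.request(...) and its response handler …
  vreq.on('error', function(e) {
    console.log("verifier request failed:", e.message);
    res.json(null);
  });
  // … unchanged: Content-Type header, querystring.stringify, Content-Length, write/end …
```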