I have the following script to set some custom cookies inside of a Cloudflare worker when a user visits my site:
addEventListener('fetch', event => event.respondWith(fetchAndApply(event.request)));
async function fetchAndApply(request) {
const cookies = request.headers.get('Cookie') || '';
const country = request.headers.get('CF-IpCountry');
const url = new URL(request.url);
if (url.pathname.indexOf('.aspx') > -1) {
return new Response(
"Page not found.",
{ status: 404 });
}
if (cookies.includes("cf:request-eu")) {
return fetch(request);
}
let response = await fetch(request);
response = new Response(response.body, response);
const list = [
// EU 28:
"AT", "Austria",
"BE", "Belgium",
"BG", "Bulgaria",
"HR", "Croatia",
"CY", "Cyprus",
"CZ", "Czech Republic",
"DK", "Denmark",
"EE", "Estonia",
"FI", "Finland",
"FR", "France",
"DE", "Germany",
"GR", "Greece",
"HU", "Hungary",
"IE", "Ireland, Republic of (EIRE)",
"IT", "Italy",
"LV", "Latvia",
"LT", "Lithuania",
"LU", "Luxembourg",
"MT", "Malta",
"NL", "Netherlands",
"PL", "Poland",
"PT", "Portugal",
"RO", "Romania",
"SK", "Slovakia",
"SI", "Slovenia",
"ES", "Spain",
"SE", "Sweden",
"GB", "United Kingdom (Great Britain)",
// Outermost Regions (OMR)
// https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Outermost_regions
"GF", "French Guiana",
"GP", "Guadeloupe",
"MQ", "Martinique",
"ME", "Montenegro",
"YT", "Mayotte",
"RE", "RĂ©union",
"MF", "Saint Martin",
// No Code, Azores
// No Code, Canary Islands
// No Code, Madeira
// Special Cases: Part of EU
// https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Special_cases_in_Europe
"GI", "Gibraltar",
"AX", "Ă…land Islands",
// No Code, BĂĽsingen am Hochrhein
// No Code, Campione d'Italia and Livigno
// No Code, Ceuta and Melilla
// No Code, UN Buffer Zone in Cyprus
// No Code, Helgoland
// No Code, Mount Athos
// Overseas Countries and Territories (OCT)
// https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Overseas_countries_and_territories
"PM", "Saint Pierre and Miquelon",
"GL", "Greenland",
"BL", "Saint Bartelemey",
"SX", "Sint Maarten",
"AW", "Aruba",
"CW", "Curacao",
"WF", "Wallis and Futuna",
"PF", "French Polynesia",
"NC", "New Caledonia",
"TF", "French Southern Territories",
"AI", "Anguilla",
"BM", "Bermuda",
"IO", "British Indian Ocean Territory",
"VG", "Virgin Islands, British",
"KY", "Cayman Islands",
"FK", "Falkland Islands (Malvinas)",
"MS", "Montserrat",
"PN", "Pitcairn",
"SH", "Saint Helena",
"GS", "South Georgia and the South Sandwich Islands",
"TC", "Turks and Caicos Islands",
// Microstates
// https://en.wikipedia.org/wiki/Microstates_and_the_European_Union
"AD", "Andorra",
"LI", "Liechtenstein",
"MC", "Monaco",
"SM", "San Marino",
"VA", "Vatican City",
// Other (Not sure how these fit in)
"JE", "Jersey",
"GG", "Guernsey",
"GI", "Gibraltar"
];
response.headers.set("Set-Cookie", `cf:request-country=${country}`);
response.headers.set("Set-Cookie", `cf:request-eu=${list.indexOf(country) > -1}`);
return response;
}
The problem I am having is that upon the first log in attempt, Rails throws out the form submission because of an issue with the CSRF token authenticity. If I resubmit the form a second time, then the request passes as normal, which makes sense (since the request cookies contain one I care about, then the request is passed on to the client without modifying the headers).
I can’t think of another way to set a cookie and have form data work properly.