
CORS Web Proxy

This API enables cross-origin requests to anywhere.

Usage:

/               Shows help
/iscorsneeded   This is the only resource on this host which is served without CORS headers.
/<url>          Creates a request to <url> and includes CORS headers in the response.

If the protocol is omitted, it defaults to http (https if port 443 is specified).

Cookies are disabled and stripped from requests.

Redirects are automatically followed. For debugging purposes, each followed redirect results
in the addition of an X-CORS-Redirect-n header, where n starts at 1. These headers are not
accessible by the XMLHttpRequest API.
After 5 redirects, redirects are not followed any more. The redirect response is sent back
to the browser, which can choose to follow the redirect (handled automatically by the browser).

The requested URL is available in the X-Request-URL response header.
The final URL, after following all redirects, is available in the X-Final-URL response header.


To prevent the use of the proxy for casual browsing, the API requires either the Origin
or the X-Requested-With header to be set. To avoid unnecessary preflight (OPTIONS) requests,
it's recommended to not manually set these headers in your code.


Demo          :   https://robwu.nl/cors-anywhere.html
Source code   :   https://github.com/Rob--W/cors-anywhere/
Documentation :   https://github.com/Rob--W/cors-anywhere/#documentation



https://cors-anywhere.herokuapp.com
https://censys.io/ipv4?q=80.http.get.body%3A%22This+API+enables+cross-origin+requests+to+anywhere.%22
http://35.186.253.31 - Google
http://35.244.147.98 - Google
http://138.197.208.159 - Digital Ocean
http://34.203.14.52 - AWS
http://18.221.197.235 - AWS
http://3.232.73.206 - AWS
http://54.209.18.17 - AWS
http://54.87.255.209 - AWS
http://54.67.15.186 - AWS
http://18.190.9.101 - AWS
http://103.136.42.111 - WorldStream
http://84.243.150.88 - Norway
http://34.200.110.181 - AWS
http://34.218.222.68 - AWS
http://52.8.94.115 - AWS
http://3.216.117.191 - AWS
http://52.205.51.82 - AWS
http://116.85.15.25 - China
http://163.172.153.110 - Online France
http://35.241.43.162 - Google
http://35.241.159.214 - Google
http://35.210.173.135 - Google
http://159.89.155.250 - Digital Ocean
http://46.101.119.123 - Digital Ocean
http://139.162.132.99 - Linode
http://178.128.82.78 - Digital Ocean
http://35.193.125.233 - Google
http://47.75.75.5 - Alibaba HK
http://45.77.197.229 - Choopa
http://206.189.145.233 - Digital Ocean
http://167.99.234.61 - Digital Ocean
http://178.128.65.97 - Digital Ocean
http://13.86.192.66 - Microsoft
http://67.205.151.62  - Digital Ocean
http://94.130.184.92  - Hetzner
http://91.134.227.147 - OVH France
http://34.98.120.205 - Google
http://104.131.126.72  - Digital Ocean
http://18.185.96.182 - AWS
http://63.32.184.210 - AWS
http://18.130.72.229 - AWS
http://18.196.5.147 - AWS
http://3.120.45.89 - AWS
http://35.180.212.27 - AWS



 

Re: CORS Web Proxy

Reply #3
Cloudflare Workers CORS Proxy

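/**
 * Forwards one request to the upstream API and returns the upstream response
 * with permissive CORS headers added.
 *
 * The target is taken from the `apiurl` query parameter, falling back to
 * API_URL. That parameter is caller-controlled, so it is parsed and checked
 * against an origin allow-list before any fetch is made; without the check
 * the Worker would fetch whatever URL a client supplies.
 *
 * @param {Request} request - Incoming request on the proxy endpoint.
 * @returns {Promise<Response>} 400 when `apiurl` is not a valid absolute URL,
 *   403 when its origin is not allow-listed, otherwise the upstream response
 *   with `Access-Control-Allow-Origin: *` and `Vary: Origin`.
 */
async function handleRequest(request) {
  const url = new URL(request.url)
  let apiUrl = url.searchParams.get('apiurl')
  if (apiUrl === null) {
    apiUrl = API_URL
  }

  // Reject anything that is not a well-formed absolute URL instead of letting
  // the URL constructor throw further down.
  let target
  try {
    target = new URL(apiUrl)
  } catch (err) {
    return new Response('Invalid apiurl parameter', { status: 400 })
  }

  // Only origins listed here may be proxied. An origin covers scheme, host
  // and port, so this also rules out non-HTTP schemes. Add further origins
  // to this list if the proxy must front more than one API.
  const allowedOrigins = [new URL(API_URL).origin]
  if (!allowedOrigins.includes(target.origin)) {
    return new Response('Target origin is not allowed', { status: 403 })
  }

  // Rewrite request to point to API url. This also makes the request mutable
  // so we can add the correct Origin header to make the API server think
  // that this request isn't cross-site.
  // NOTE(review): the copy carries the client's other headers along as well;
  // consider dropping Cookie/Authorization unless the upstream needs them.
  request = new Request(target.href, request)
  request.headers.set('Origin', target.origin)
  let response = await fetch(request)
  // Recreate the response so we can modify the headers
  response = new Response(response.body, response)
  // Set CORS headers
  response.headers.set('Access-Control-Allow-Origin', '*')
  // Append to/Add Vary header so browser will cache response correctly
  response.headers.append('Vary', 'Origin')
  return response
}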
/**
 * Answers an OPTIONS request on the proxy endpoint.
 *
 * A request carrying Origin, Access-Control-Request-Method and
 * Access-Control-Request-Headers is treated as a CORS pre-flight and gets
 * corsHeaders back; the requested method and headers are not inspected.
 * Any other OPTIONS request gets a plain Allow header.
 *
 * @param {Request} request - Incoming OPTIONS request.
 * @returns {Response} Empty-bodied response with the matching headers.
 */
function handleOptions(request) {
  const preflightHeaderNames = [
    'Origin',
    'Access-Control-Request-Method',
    'Access-Control-Request-Headers',
  ]
  const isPreflight = preflightHeaderNames.every(
    name => request.headers.get(name) !== null,
  )

  if (!isPreflight) {
    // Standard OPTIONS request: advertise the supported methods only.
    const allowOnly = { Allow: 'GET, HEAD, POST, OPTIONS' }
    return new Response(null, { headers: allowOnly })
  }

  // CORS pre-flight: reply with the shared CORS header set.
  return new Response(null, { headers: corsHeaders })
}
// Entry point: routes every fetch event. Paths under PROXY_ENDPOINT go to the
// proxy handlers (dispatched on HTTP method); everything else gets the demo page.
addEventListener('fetch', event => {
  const { request } = event
  const { pathname } = new URL(request.url)

  if (!pathname.startsWith(PROXY_ENDPOINT)) {
    // Serve demo page
    event.respondWith(rawHtmlResponse(DEMO_PAGE))
    return
  }

  switch (request.method) {
    case 'OPTIONS':
      // Handle CORS preflight requests
      event.respondWith(handleOptions(request))
      break
    case 'GET':
    case 'HEAD':
    case 'POST':
      // Handle requests to the API server
      event.respondWith(handleRequest(request))
      break
    default: {
      // Any other method is refused rather than forwarded upstream.
      const notAllowed = new Response(null, {
        status: 405,
        statusText: 'Method Not Allowed',
      })
      event.respondWith(notAllowed)
    }
  }
})
// Header set returned by handleOptions for CORS pre-flight responses:
// GET, HEAD, POST and OPTIONS are accepted from any origin, and Content-Type
// is the only request header advertised as allowed.
// NOTE(review): '*' lets a page on any origin read what the proxy returns.
// Browsers do not honour the wildcard for credentialed requests, so keep the
// proxy credential-free or replace '*' with an explicit origin list.
const corsHeaders = {
  'Access-Control-Allow-Origin': '*',
  'Access-Control-Allow-Methods': 'GET, HEAD, POST, OPTIONS',
  'Access-Control-Allow-Headers': 'Content-Type',
}
// The URL of the remote third-party API to fetch from, which does not
// implement CORS itself. handleRequest falls back to it when a request
// carries no `apiurl` query parameter.
const API_URL = 'https://workers-tooling.cf/demos/demoapi'
// The path prefix the CORS reverse proxy is served on; the fetch listener
// matches it against the request path with startsWith.
const PROXY_ENDPOINT = '/corsproxy/'
// The rest of this snippet for the demo page
/**
 * Wraps an HTML string in a Response labelled as UTF-8 HTML.
 *
 * @param {string} html - Markup to send as the response body.
 * @returns {Promise<Response>} Resolves to the response (the function is async).
 */
async function rawHtmlResponse(html) {
  const htmlHeaders = { 'content-type': 'text/html;charset=UTF-8' }
  const init = { headers: htmlHeaders }
  return new Response(html, init)
}
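// HTML for the demo page served on every path outside PROXY_ENDPOINT.
// API_URL and PROXY_ENDPOINT are interpolated here, in the Worker, so the
// inline script sees them as string literals; both are deployer-controlled
// constants and must not contain quotes. The apiurl value is percent-encoded
// so an API URL with its own query string survives as a single parameter.
// Results are written with textContent, never innerHTML: the JSON comes from
// a third-party API and must not be parsed as markup by the browser.
const DEMO_PAGE = `
  <!DOCTYPE html>
  <html>
  <body>
    <h1>API GET without CORS Proxy</h1>
    <a target='_blank' href='https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API/Using_Fetch#Checking_that_the_fetch_was_successful'>Shows TypeError: Failed to fetch since CORS is misconfigured</a>
    <p id='noproxy-status'/>
    <code id='noproxy'>Waiting</code>
    <h1>API GET with CORS Proxy</h1>
    <p id='proxy-status'/>
    <code id='proxy'>Waiting</code>
    <h1>API POST with CORS Proxy + Preflight</h1>
    <p id='proxypreflight-status'/>
    <code id='proxypreflight'>Waiting</code>
    <script>
    let reqs = {};
    reqs.noproxy = async () => {
      let response = await fetch('${API_URL}')
      return await response.json()
    }
    reqs.proxy = async () => {
      let response = await fetch(window.location.origin + '${PROXY_ENDPOINT}?apiurl=${encodeURIComponent(API_URL)}')
      return await response.json()
    }
    reqs.proxypreflight = async () => {
      const reqBody = {
        msg: "Hello world!"
      }
      let response = await fetch(window.location.origin + '${PROXY_ENDPOINT}?apiurl=${encodeURIComponent(API_URL)}', {
        method: "POST",
        headers: {
          "Content-Type": "application/json"
        },
        body: JSON.stringify(reqBody),
      })
      return await response.json()
    };
    (async () => {
      for (const [reqName, req] of Object.entries(reqs)) {
        try {
          let data = await req()
          // Remote data is shown as text only, so markup inside it stays inert.
          document.getElementById(reqName).textContent = JSON.stringify(data)
        } catch (e) {
          document.getElementById(reqName).textContent = String(e)
        }
      }
    })()
    </script>
  </body>
  </html>`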