Unlike CORS Anywhere and crossorigin.me, Never CORS is a proxy server that removes all existed CORS headers.
When I developed TinyCache which loads static resources via XMLHttpRequest (XHR), I need to test XHR requests without CORS headers, but don't want to deploy extra server. So that I tried to find if there are some reliable public static servers I can use. Unfortunately, most of public CDN providers like jsDelivr and unpkg do have CORS headers.
Because of it, I created Never CORS that proxies these CDNs and filters all CORS headers.
https://never-cors.now.sh/${url}
https://never-cors.now.sh/https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js
$ curl -X GET -sSI "https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js" | grep "access-control"
access-control-allow-origin: *
access-control-expose-headers: *
$ curl -X GET -sSI "https://never-cors.now.sh/https://cdn.jsdelivr.net/npm/jquery@3.3.1/dist/jquery.min.js" | grep "access-control"
# output nothing
This project is based on Now.sh, check here for more information about deployment.
In short,
- Download/Clone this project;
- Modity
now.json
: changealias
to your own domain or delete it; - Run
now
command to deploy (Or use Now for GitHub).
MIT