A simple transparent proxy that adds permissive CORS and CORP headers to all HTTP responses. It allows you to bypass CORS restrictions and CORP restrictions on an API for development or testing purposes.
It works in two parts, a Node.js server and an Nginx reverse proxy.
"Why is node required?" you might ask... well, if the target API endpoint is known ahead of time it's possible to create a solution using only Nginx or HAProxy. But to target any endpoint dynamically, extra logic is required. A Lua script in Nginx or HAproxy would be a more elegant solution but for the sake of quick implementation and ease of tracking errors/requests a node server is used here.
- Clone this repo to your server or dev environment.
- Make changes to
index.jsandserver.jsif required. - Set up an Nginx virtual host using
nginx.confas a template. - Run
node index.js.
To use the service prepend its URL before the API you want to access. For example, if you set up cors-proxy with an endpoint https://cors-proxy.yourdomain.com and the API you want to access is https://swapi.dev/api/people/1/, then you should fetch:
https://cors-proxy.yourdomain.com/https://swapi.dev/api/people/1/
If you set up Nginx as in the nginx.conf template, you can make a request to a https API URL over http. This is useful for devices with old CA certificates or no modern TLS support. Simply use http instead of https:
http://cors-proxy.yourdomain.com/https://swapi.dev/api/people/1/
MIT license. See LICENSE.
© 2021 Max Milton