Cors proxies

readme.md

Service	SSL	status	Response Type	Allowed methods	Allowed headers	Exposed headers	Follow redirect	Streamable	WebSocket	Upload limit	Download limit	Country code	Comments
CORS bridged	✅	Mirrored	Raw	*	All but expect Forbidden headers	❓	❓	❓	❓	16mb/request	❓	US (CA)	Blog for docs & Testing
cors-anywhere	✅	Mirrored	Raw	*	*	*	Up to 5x	❓	❓	❓	❓	US	Require Origin header
cors-anywhere @ glitch	✅	Mirrored	Raw	❓	❓	❓	❓	❓	❓	❓	❓	❓	source
thingproxy	✅	❓	❓	*	❓	❓	❓	❓	❓	100kb	100kb	US	Max 10 req/sec
Whatever Origin	❌	❌	jsonp	GET	None	None	❓	❌	❌	❓	❓	US
Go Between	✅	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓
goxcors	✅	Allways 200	Raw	*	*	None	✅	❓	❓	❓	❓	US	POST type is limited to x-www-form-urlencoded Have a werd api Response Type is Allways text/html
All Origins	✅	Only code in json	Json, jsonp, Raw	*	❌	None	✅	❓	❓	❓	❓	US	When using raw you loose status information
Cloudflare Cors Anywhere	✅	Only code mirror (not statusText)	Raw	*	All but expect Forbidden headers	none	✅	❌	❓	none	none	❓	100,000 requests/day 1,000 requests/10 minutes
JSONProxy	✅	❓	❓	GET	❓	❓	❓	❓	❓	❓	❓	❓

Possible dead

cors.io

✅

Only code mirror

Raw

GET, HEAD

❓

❓

✅

❓

❓

❓

❓

US

crossorigin.me

✅

❓

❓

GET

❓

❓

❓

❓

❓

2MB

2MB

US

Require Origin header

HTML Driven

✅

❓

❓

❓

❓

❓

❓

❓

❓

❓

❓

❓

Taskcluster

✅

❓

❓

*

❓

❓

❓

❓

❓

❓

❓

US

All request must be made within the request body Only whitelisted for taskcluster

anyorigin

❌

❓

jsonp

GET

none

none

❓

❌

❌

❌

❓

US

just left a request for an api key at cors.bridged.cc. Its just for a few students to do some projects with apis they want to use. I'll update on the process - see if I get an answer, a key, etc. For now we are using corsproxy.io. I can't believe how fast it is.

Hi @bytezeroseven,

thank you for your message and sorry for the bit delayed answer. I’m glad you like https://corsproxy.io.

Our Network also runs a lot bigger services than our CORS Proxy. We have enough computing power to run the project in the long term. We are also adding a newsletter to the site very soon so that users can receive early notification of outages and maintenance. And we are planning to add some premium features to refinance the project to make sure it lasts a long time. :)

Regards, Marius

Will modify request/response feature (add request headers, etc...) be added?

@mariusbolik Does corsproxy.io follow redirects?

Will modify request/response feature (add request headers, etc...) be added?

Yes, this is on our roadmap!

Just pinging in. I'm preparing my cors.bridged.cc back to free & public again. with the new domain under https://cors.sh/ (It's not online for now)
This might take some time for me, few weeks, may be a month. I'll let the subscribers here know once the service is ready. :)

corsproxy helped me with the toughest api that none of the other proxies were set up right for. It’s full service. Love it! Thank you!

@mariusbolik your proxy is amazing! Thank you. We are using it for educational reasons, nothing big or serious, but it helps our students use the APIs they actually like.

@femke77 thank you! I appreciate your words!

@mariusbolik I have a project due for my university course this week and we can't have the examiner use any browser addons that would bypass the cors error.

Your service has saved me, If this project was not here I would not be able to gain my qualification.

Thank you and thanks to anyone involved, I just wish I knew the words to express my thanks.

Using @mariusbolik 's service for the first time today and it has worked super fine for me. Thanks for the great work!

@mariusbolik Does corsproxy.io follow redirects?

@mariusbolik thank you for your service, I'm using it for another free service at https://ec2instances.github.io/ works like a charm!

@mariusbolik Have headers modification feature been added? Thanks for such a great service anyway.

I'd like chime in with another cors option http-proxy-middleware

• This library support modify response out of the box, which a major advantage compare to cors-anywhere
• But there are drawbacks that I noticed
  • The target URL is defined inside option object, I think it will be more convenient to be grabbed from URL
  • cors-anywhere can follow redirect of site returns 401, while http-proxy-middleware can't. For example some of the target sites I worked will redirect if there is a ?password=12345 in URL param, and they only work with cors-anywhere
• If anywhere has resolved these issue before, I'm all ears! For now, I'll go with http-proxy-middleware since I need ability to modify response

I'd like chime in with another cors option http-proxy-middleware

• This library support modify response out of the box, which a major advantage compare to cors-anywhere

• But there are drawbacks that I noticed

  • The target URL is defined inside option object, I think it will be more convenient to be grabbed from URL
  • cors-anywhere can follow redirect of site returns 401, while http-proxy-middleware can't. For example some of the target sites I worked will redirect if there is a ?password=12345 in URL param, and they only work with cors-anywhere

• If anywhere has resolved these issue before, I'm all ears! For now, I'll go with http-proxy-middleware since I need ability to modify response

You can check the cors proxy that I wrote, I've been using it for a while and it is working pretty fine, It has a lot of options that you can use for your own need.

https://github.com/hoangvu12/requests-proxy

corsproxy.io adds cloudeflare's browser integrity check/bot fight script (https://corsproxxy.io/cdn-cgi/challenge-platform/scripts/invisible.js) to the response. So, you won't get "original content".

Great! Thank you for sharing. I think you should send PR to free-for.dev

I also personally implement a cors proxy that provides low-level options including cookies a header referer, origin... and free. See the source code here: https://github.com/manga-raiku/proxy

Can you add https://corsproxy.io? It's made by my company and many other companies use it to develop javascript applications. It's made in Germany, 100% gdpr compliant and runs on a global CDN. We currently serve 2.5 Mio requests per day :)

This service has suddenly blocked me (even the country gives my IP address for no reason) can you assist me?

@mariusbolik Thanks for this great service, however it seems that corsproxy.io does not work correctly with Chinese characters in the URL (percent-encoded or not). Perhaps this is a character set compatibility issue?

For some reason, CloudFlare (which sits in front of https://corsproxy.io) has blocked a few of my company's ip addresses, and I don't know why.

Example: curl -sS 'https://corsproxy.io/?https%3A%2F%2Fwww.google.com%2F'
Results:

Sorry, you have been blocked

Why have I been blocked?

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

What can I do to resolve this?

You can email the site owner to let them know you were blocked. Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Cloudflare Ray ID: 81cdc123d953ebe6

Thank you all for using CorsProxy.io extensively! We see a significant growth in the number of users and daily requests. But we are also noticed suspicious content that was proxied through our service, so we hat to block all content types that are not text based. Our service should be used mainly for JSON, CSV, XML, etc. We have also blocked some countries due to a high volume of suspicious requests to ensure the security and integrity of our service. If you receive a notification that you've been blocked, it's likely due to our rate limiting measures being triggered to maintain service integrity.

We are currently developing a paid version of our service to re-enable certain countries, file types and rate limits. The price will not be high, but due to the popularity of the service and for our own protection, it is necessary that we secure ourselves with payment information and other user information. The basic version will remain free.

But we want to offer you more, so we will offer all paid users an analytics dashboard to better debug their requests. Also, more helpful features will be released. It should start in a few days. Who is interested can pre-register here: https://accounts.corsproxy.io/sign-up

Thank you all for using CorsProxy.io extensively! We see a significant growth in the number of users and daily requests. But we are also noticed suspicious content that was proxied through our service, so we hat to block all content types that are not text based. Our service should be used mainly for JSON, CSV, XML, etc. We have also blocked some countries due to a high volume of suspicious requests to ensure the security and integrity of our service. If you receive a notification that you've been blocked, it's likely due to our rate limiting measures being triggered to maintain service integrity.

We are currently developing a paid version of our service to re-enable certain countries, file types and rate limits. The price will not be high, but due to the popularity of the service and for our own protection, it is necessary that we secure ourselves with payment information and other user information. The basic version will remain free.

But we want to offer you more, so we will offer all paid users an analytics dashboard to better debug their requests. Also, more helpful features will be released. It should start in a few days. Who is interested can pre-register here: https://accounts.corsproxy.io/sign-up

Are you a developer of CorsProxy.io?
Do you know who I can ask a question?
Thanks.

I have been using this proxy service for a while in my JavaScript code.

Suddenly, it stopped working for this website's page:

https://corsproxy.io/?https://weather.gc.ca/city/pages/on-143_metric_e.html

function getWeather(container) {
  // Fetch the HTML page from Weather forecast
  const url = 'https://corsproxy.io/?' + encodeURIComponent('https://weather.gc.ca/city/pages/on-143_metric_e.html');

  fetch(url)
    .then(response => response.text())
    .then(data => createWeather(container, data))
    .catch(error => console.error(error));
}

The error returned is

{
"message": "Please create an account at https://accounts.corsproxy.io to proxy this file type."
}

This didn't happen before, for many years.
Started to throw this error message just recently.
Well, I went to https://accounts.corsproxy.io and registered my account there, as the prompt suggests.

However, nothing has changed. I am still getting the error.

Any idea why? Any idea how to make it work again?

Tried to contact the developer of that service but haven't received any response.

Thanks.

"No such thing as a free lunch"

@slishnevsky I am sorry. We had to disable HTML content because of phishing attacks through our server. Currently, only JSON, XML and CSV are allowed.

I see. Thank you, Marius.

…

On Tue, Nov 7, 2023 at 2:29 PM Marius Bolik ***@***.***> wrote: ***@***.**** commented on this gist. ------------------------------ @slishnevsky <https://github.com/slishnevsky> I am sorry. We had to disable HTML content because of phishing attacks through our server. Currently, only JSON, XML and CSV are allowed. — Reply to this email directly, view it on GitHub <https://gist.github.com/jimmywarting/ac1be6ea0297c16c477e17f8fbe51347#gistcomment-4753236> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAWMAAZBT233UOB6NCCGQW3YDKDYZBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA2DONBTGI4TQN5HORZGSZ3HMVZKMY3SMVQXIZI> . You are receiving this email because you were mentioned. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

@slishnevsky I am sorry. We had to disable HTML content because of phishing attacks through our server. Currently, only JSON, XML and CSV are allowed.
@mariusbolik
Any chance it will return? Your proxy is perfect for small local projects.

Hey there @mariusbolik,

I noticed that there's some rate limiting occurring recently. Not sure if there was already rate limiting before your update after the phishing attacks, but when I make around 50ish requests through the proxy, I start getting 403s on all my requests. I'm thinking that's being returned from corsproxy.io, would you be able to confirm that?

I'm really liking corsproxy.io so far, I'm using it in a small project for a client and for my own personal project. I believe I created an account linked with my Github, but I don't know if I'm signed up for the analytics dashboard and news on the paid service. Would love to get in on that if possible. Can you provide any more information on that?

Danke!

@mariusbolik
This
https://corsproxy.io/?https%3A%2F%2Fwww.eurocontrol.int%2Fperformance%2Fdata%2Fdownload%2Fcsv%2Fmom_co2.csv
for a CSV fails with

{
"message": "Please create an account at https://accounts.corsproxy.io to proxy this file type."
}

I am using it in Observable in this notebook

Any idea about what I am doing wrong? This used to worked for months...

PS: I created an account but what do I use it for?

@mariusbolik do you think you could add a new feature to corsproxy.io to parse a 404 response to 200?