Cors proxies

readme.md

Service	SSL	status	Response Type	Allowed methods	Allowed headers	Exposed headers	Follow redirect	Streamable	WebSocket	Upload limit	Download limit	Country code	Comments
cors-anywhere	✅	Mirrored	Raw	*	*	*	Up to 5x	❓	❓	❓	❓	US	Require Origin header
cors-anywhere @ glitch	✅	Mirrored	Raw	❓	❓	❓	❓	❓	❓	❓	❓	❓	source
crossorigin.me	✅	❓	❓	GET	❓	❓	❓	❓	❓	2MB	2MB	US	Require Origin header
HTML Driven	✅	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓
Taskcluster	✅	❓	❓	*	❓	❓	❓	❓	❓	❓	❓	US	All request must be made within the request body Only whitelisted for taskcluster
anyorigin	❌	❓	jsonp	GET	none	none	❓	❌	❌	❌	❓	US
thingproxy	✅	❓	❓	*	❓	❓	❓	❓	❓	100kb	100kb	US	Max 10 req/sec
Whatever Origin	❌	❌	jsonp	GET	None	None	❓	❌	❌	❓	❓	US
cors.io	✅	Only code mirror	Raw	GET, HEAD	❓	❓	✅	❓	❓	❓	❓	US
Go Between	✅	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓	❓
goxcors	✅	Allways 200	Raw	*	*	None	✅	❓	❓	❓	❓	US	POST type is limited to x-www-form-urlencoded Have a werd api Response Type is Allways text/html
YaCDN	✅	Not mirrored	Raw	GET	None	❌	Up to 22x	❓	❓	❓	❓	FR	CDN, ignores browsers headers
All Origins	✅	Only code in json	Json, jsonp, Raw	*	❌	None	✅	❓	❓	❓	❓	US	When using raw you loose status information
Cloudflare Cors Anywhere	✅	Only code mirror (not statusText)	Raw	*	All but expect Forbidden headers	none	✅	❌	❓	none	none	❓	100,000 requests/day 1,000 requests/10 minutes

For CORS creator

A good cors proxy should

• allow requested method & headers in preflight request

res.header('Access-Control-Allow-Methods', req.header('Access-Control-Request-Method'))
res.header('Access-Control-Allow-Headers', req.header('Access-Control-Request-Headers')) 

• Send back
  • responseCode as is
  • responseText as is
  • raw data (in case someone wants to work with binary)
  • and expose all response header that came from making the request
    (and potentially prefix set-cookie & location with something)
• dose not use example.com/https://google.com but instead uses example.com/?url=https%3A%2F%2Fgoogle.com
  which allows for more option like
  • overriding method
    • &method=POST
  • ignoring headers sent by the browser
    • &ignoreReqHeaders=true // don't forward any headers sent by browser automatically
  • set, delete or append request/response headers that would allow you to send forbidden headers
    • &appendReqHeaders=[['cookie', 'x-foo']] send an additional cookie
    • &setResHeaders=[['cookie', 'x-foo']]] replaces cookies
    • &deleteReqHeaders=['origin'] don't send origin (which some cors api checks for)
  • control redirect (some want to read headers that are sent in the redirect)
    • &followRedirect=false
  • putting the body in url for some reason
    • &body=abc

Stauts

anyorigin, cors.io, htmldriven & crossorigin.me don't seems to not work atm

P.S.

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

Don't use the demo url, just make your own on cloudflare.
Abuse (other than testing) of the demo will result in a ban.
The demo accepts only fetch and xmlhttprequest do not try it directly.

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

@Zibri Thanks for sharing. I arrived here thinking the same thing... for CORS, it's risky to rely on any of these fly-by-night services that are outside of your control, as they could stop functioning without warning. And I think it's becoming such a common thing that projects need, that it is sensible for there to just be a utility to mix in to one's own infrastructure.

Cheers :)

@morpc-gohio

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

P.S.
Don't use the demo url, just make your own on cloudflare.
Abuse (other than testing) of the demo will result in a ban.
The demo accepts only fetch and xmlhttprequest do not try it directly.

I thinking the same idea after reading many articles and forums. It seems to be a great solution if running your own proxy server. till i met this, you did something great! also thanks..

@adisa555 I am very glad that someone undesrtood why that was important and apreciated it.

(Instead many used just the demo like if was just a free services, but the demo has a slightly different code, logs everything and bans people very easily...heheheheh)

@emjayess thanks for your words ... until now it seemed nobody really cared nor understood.

by the way, with a little modification it could be made streamable too...

To make something streamable you have to

• Make a duplex stream from A <-> B
• You should for example be able to listen to a live .pls radio channel that never ends in a <audio> tag
• the upload body should be piped to the destination without keeping everything in the memory

Yes.. but with cloudflare is very easy to do is just 2-3 lines of code.
See here: https://workers.cloudflare.com/docs/reference/runtime/apis/streams/

@Zibri the cloudflare worker concept is awesome!
i once tried to implement something like it in node. (using node-fetch, fetch-event & fetch-cachestorage) but got abandoned due to some blocking node-fetch issue
maybe will start using cloudflare