Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Cors proxies
Service SSL status Response Type Allowed methods Allowed headers Exposed headers Follow redirect Streamable WebSocket Upload limit Download limit Country code Comments
cors-anywhere Mirrored Raw * * * Up to 5x US Require Origin header
cors-anywhere @ glitch Mirrored Raw source
crossorigin.me GET 2MB 2MB US Require Origin header
HTML Driven
Taskcluster * US All request must be made within the request body
Only whitelisted for taskcluster
anyorigin jsonp GET none none US
thingproxy * 100kb 100kb US Max 10 req/sec
Whatever Origin jsonp GET None None US
cors.io Only code mirror Raw GET, HEAD US
Go Between
goxcors Allways 200 Raw * * None US POST type is limited to x-www-form-urlencoded
Have a werd api
Response Type is Allways text/html
YaCDN Not mirrored Raw GET None Up to 22x FR CDN, ignores browsers headers
All Origins Only code in json Json, jsonp, Raw * None US When using raw you loose status information
Cloudflare Cors Anywhere Only code mirror (not statusText) Raw * All but expect Forbidden headers none none none 100,000 requests/day 1,000 requests/10 minutes
@jimmywarting

This comment has been minimized.

Copy link
Owner Author

commented May 1, 2019

For CORS creator

A good cors proxy should

  • allow requested method & headers in preflight request
res.header('Access-Control-Allow-Methods', req.header('Access-Control-Request-Method'))
res.header('Access-Control-Allow-Headers', req.header('Access-Control-Request-Headers')) 
  • Send back
    • responseCode as is
    • responseText as is
    • raw data (in case someone wants to work with binary)
    • and expose all response header that came from making the request
      (and potentially prefix set-cookie & location with something)
  • dose not use example.com/https://google.com but instead uses example.com/?url=https%3A%2F%2Fgoogle.com
    which allows for more option like
    • overriding method
      • &method=POST
    • ignoring headers sent by the browser
      • &ignoreReqHeaders=true // don't forward any headers sent by browser automatically
    • set, delete or append request/response headers that would allow you to send forbidden headers
      • &appendReqHeaders=[['cookie', 'x-foo']] send an additional cookie
      • &setResHeaders=[['cookie', 'x-foo']]] replaces cookies
      • &deleteReqHeaders=['origin'] don't send origin (which some cors api checks for)
    • control redirect (some want to read headers that are sent in the redirect)
      • &followRedirect=false
    • putting the body in url for some reason
      • &body=abc

Stauts

anyorigin, cors.io, htmldriven & crossorigin.me don't seems to not work atm

@Zibri

This comment has been minimized.

Copy link

commented Jul 31, 2019

P.S.

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

Don't use the demo url, just make your own on cloudflare.
Abuse (other than testing) of the demo will result in a ban.
The demo accepts only fetch and xmlhttprequest do not try it directly.

@emjayess

This comment has been minimized.

Copy link

commented Aug 8, 2019

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

@Zibri Thanks for sharing. I arrived here thinking the same thing... for CORS, it's risky to rely on any of these fly-by-night services that are outside of your control, as they could stop functioning without warning. And I think it's becoming such a common thing that projects need, that it is sensible for there to just be a utility to mix in to one's own infrastructure.

Cheers :)

@adisa555

This comment has been minimized.

Copy link

commented Aug 8, 2019

@morpc-gohio

Instead of using someone else's, make you own, it will be stable and really fast!!
Learn how here: https://github.com/Zibri/cloudflare-cors-anywhere

P.S.
Don't use the demo url, just make your own on cloudflare.
Abuse (other than testing) of the demo will result in a ban.
The demo accepts only fetch and xmlhttprequest do not try it directly.

I thinking the same idea after reading many articles and forums. It seems to be a great solution if running your own proxy server. till i met this, you did something great! also thanks..

@Zibri

This comment has been minimized.

Copy link

commented Aug 9, 2019

@adisa555 I am very glad that someone undesrtood why that was important and apreciated it.

(Instead many used just the demo like if was just a free services, but the demo has a slightly different code, logs everything and bans people very easily...heheheheh)

@emjayess thanks for your words ... until now it seemed nobody really cared nor understood.

by the way, with a little modification it could be made streamable too...

@jimmywarting

This comment has been minimized.

Copy link
Owner Author

commented Aug 10, 2019

To make something streamable you have to

  • Make a duplex stream from A <-> B
  • You should for example be able to listen to a live .pls radio channel that never ends in a <audio> tag
  • the upload body should be piped to the destination without keeping everything in the memory
@Zibri

This comment has been minimized.

Copy link

commented Aug 11, 2019

Yes.. but with cloudflare is very easy to do is just 2-3 lines of code.
See here: https://workers.cloudflare.com/docs/reference/runtime/apis/streams/

@jimmywarting

This comment has been minimized.

Copy link
Owner Author

commented Aug 16, 2019

@Zibri the cloudflare worker concept is awesome!
i once tried to implement something like it in node. (using node-fetch, fetch-event & fetch-cachestorage) but got abandoned due to some blocking node-fetch issue
maybe will start using cloudflare

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.