Service | SSL | status | Response Type | Allowed methods | Allowed headers | Exposed headers | Follow redirect | Streamable | WebSocket | Upload limit | Download limit | Country code | Comments |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CORS bridged | Mirrored | Raw | * | All but expect Forbidden headers | 16mb/request | US (CA) | Blog for docs & Testing | ||||||
cors-anywhere | Mirrored | Raw | * | * | * | Up to 5x | US | Require Origin header | |||||
cors-anywhere @ glitch | Mirrored | Raw | source | ||||||||||
thingproxy | * | 100kb | 100kb | US | Max 10 req/sec | ||||||||
Whatever Origin | jsonp | GET | None | None | US | ||||||||
Go Between | |||||||||||||
goxcors | Allways 200 | Raw | * | * | None | US |
POST type is limited to x-www-form-urlencoded Have a werd api Response Type is Allways text/html |
||||||
YaCDN | Not mirrored | Raw | GET | None | Up to 22x | FR | CDN, ignores browsers headers | ||||||
All Origins | Only code in json | Json, jsonp, Raw | * | None | US | When using raw you loose status information | |||||||
Cloudflare Cors Anywhere | Only code mirror (not statusText) | Raw | * | All but expect Forbidden headers | none | none | none | 100,000 requests/day 1,000 requests/10 minutes | |||||
JSONProxy | GET |
Possible dead
cors.io | Only code mirror | Raw | GET, HEAD | US | |||||||||
crossorigin.me | GET | 2MB | 2MB | US | Require Origin header | ||||||||
HTML Driven | |||||||||||||
Taskcluster | * | US | All request must be made within the request body Only whitelisted for taskcluster |
||||||||||
anyorigin | jsonp | GET | none | none | US |
@softmarshmallow Will do!
Do you know if they allow sending/reading headers in some other form other than directly onto the request headers?
Browsers blocks some request headers from being sent & read
Another issue that one of my private CORS proxy is solving is the ability to set/remove certain headers on the request/response
i know that some REST Apis with CORS enabled already exist but they really limit it to there own domain by checking if
http://example.com
is allowed to make request tohttp://api.example.com
by looking at the origin header so there is no way to fake that I'm making a request fromhttp://example.com
if i'm not allowed to set a forbidden headerorigin