Skip to content

Instantly share code, notes, and snippets.

@jimmywarting
Last active February 6, 2023 03:15
Embed
What would you like to do?
Cors proxies
Service SSL status Response Type Allowed methods Allowed headers Exposed headers Follow redirect Streamable WebSocket Upload limit Download limit Country code Comments
CORS bridged Mirrored Raw * All but expect Forbidden headers 16mb/request US (CA) Blog for docs & Testing
cors-anywhere Mirrored Raw * * * Up to 5x US Require Origin header
cors-anywhere @ glitch Mirrored Raw source
thingproxy * 100kb 100kb US Max 10 req/sec
Whatever Origin jsonp GET None None US
Go Between
goxcors Allways 200 Raw * * None US POST type is limited to x-www-form-urlencoded
Have a werd api
Response Type is Allways text/html
YaCDN Not mirrored Raw GET None Up to 22x FR CDN, ignores browsers headers
All Origins Only code in json Json, jsonp, Raw * None US When using raw you loose status information
Cloudflare Cors Anywhere Only code mirror (not statusText) Raw * All but expect Forbidden headers none none none 100,000 requests/day 1,000 requests/10 minutes
JSONProxy GET

Possible dead

cors.io Only code mirror Raw GET, HEAD US
crossorigin.me GET 2MB 2MB US Require Origin header
HTML Driven
Taskcluster * US All request must be made within the request body
Only whitelisted for taskcluster
anyorigin jsonp GET none none US
@jimmywarting
Copy link
Author

@softmarshmallow Will do!

Do you know if they allow sending/reading headers in some other form other than directly onto the request headers?
Browsers blocks some request headers from being sent & read

Another issue that one of my private CORS proxy is solving is the ability to set/remove certain headers on the request/response

new Headers({
   // send a cookie that is forbidden otherwise
  'x-cors-set-request-headers': 'cookie: value',

  // pretend that i'm making a request from another origin
  'x-cors-set-request-headers': 'origin: example.com',

  // Remove restriction that don't allow page to work in a iframe
  'x-cors-delete-response-headers': 'csp', 
  'x-cors-delete-response-headers': 'X-Frame-Options',

  // override text/plain so it can render properly
  'x-cors-set-response-headers': "content-type: text/html"
})

i know that some REST Apis with CORS enabled already exist but they really limit it to there own domain by checking if
http://example.com is allowed to make request to http://api.example.com by looking at the origin header so there is no way to fake that I'm making a request from http://example.com if i'm not allowed to set a forbidden header origin

@foxt
Copy link

foxt commented Mar 29, 2022

The "I don't want to host this myself" state of affairs April 2021:

  • CORS Bridged: Requires signup
  • cors-anywhere: Requires opt in
  • cors-anywhere glitch: Suspended
  • thingproxy: Wrong link, dead anyway
  • whateverorigin: Dead
  • gobetween: Dead
  • goxcors: Dead
  • Yacdn: Dead
  • Allorigins: Works (some gzip issues)
  • Cloudflare CORS: Broken
  • JSON Proxy: Dead

@jimmywarting
Copy link
Author

jimmywarting commented Mar 29, 2022

This list was shared/copied a lot, probably the reason why many is dead now.

@FN-FAL113
Copy link

FN-FAL113 commented May 19, 2022

and most of the shared repo here for cloudflare workers are not working anymore but glad I found all origins, it saved me a lot of time. Cloudflare-cors-anywhere doens't work with cloudflare workers that returns a json body due to 403 forbidden headers (when I do the fetch inside the worker panel it works fine) but it works on graphql queries though from my use case

@hoangvu12
Copy link

I just made this with almost all the options that @jimmywarting suggested. Haven't tested much but it should works :)

@mariusbolik
Copy link

Can you add https://corsproxy.io? It's made by my company and many other companies use it to develop javascript applications. It's made in Germany, 100% gdpr compliant and runs on a global CDN. We currently serve 2.5 Mio requests per day :)

@hoangvu12
Copy link

Can you add https://corsproxy.io? It's made by my company and many other companies use it to develop javascript applications. It's made in Germany, 100% gdpr compliant and runs on a global CDN. We currently serve 2.5 Mio requests per day :)

Looks promising, it would be really nice if it has query options to modify the proxy request like adding or removing headers. Great work!

@mariusbolik
Copy link

Looks promising, it would be really nice if it has query options to modify the proxy request like adding or removing headers. Great work!

Thank you for the feedback! We‘ll definitively add this feature. It may takes two to three weeks :)

@dotspencer
Copy link

👍 for https://corsproxy.io

Site is awesome.

@vsn530
Copy link

vsn530 commented Jun 7, 2022

Can we find documentation about this https://corsproxy.io/ @mariusbolik .

@vsn530
Copy link

vsn530 commented Jun 7, 2022

Can you add https://corsproxy.io? It's made by my company and many other companies use it to develop javascript applications. It's made in Germany, 100% gdpr compliant and runs on a global CDN. We currently serve 2.5 Mio requests per day :)

is it safe to use

@foxt
Copy link

foxt commented Jun 7, 2022

@vsn530 Assuming Marius was being 100% honest (I don't doubt he was), the claim is thei're GDPR compliant and have no logs. (which if they're based in Germany, violating is a hefty fine!), but anyway you shouldn't be sending highly confidential data/credentials through a free proxy you don't own.

@hoangvu12
Copy link

@vsn530 Assuming Marius was being 100% honest (I don't doubt he was), the claim is thei're GDPR compliant and have no logs. (which if they're based in Germany, violating is a hefty fine!), but anyway you shouldn't be sending highly confidential data/credentials through a free proxy you don't own.

To avoid that you should just setup your own server. The corsproxy.io just for things that don't contain important data and not worth to create a server for them.

By the way I'm still waiting for their request headers modify feature ;D

@sw-yx
Copy link

sw-yx commented Jun 11, 2022

@softmarshmallow unfortunately I tried your service and you're not setting the right headers for me to make requests from the frontend

image

@foxt
Copy link

foxt commented Jun 13, 2022

@sw-yx cors.bridged.cc requires an API key now see https://github.com/gridaco/base/issues/23 for more information

@bytezeroseven
Copy link

Can you add https://corsproxy.io? It's made by my company and many other companies use it to develop javascript applications. It's made in Germany, 100% gdpr compliant and runs on a global CDN. We currently serve 2.5 Mio requests per day :)

Is it going to be reliable? I mean will it get shut down like the other ones at some point in the future? It works great.

@mariusbolik
Copy link

Hi @bytezeroseven,

thank you for your message and sorry for the bit delayed answer. I’m glad you like https://corsproxy.io.

Our Network also runs a lot bigger services than our CORS Proxy. We have enough computing power to run the project in the long term. We are also adding a newsletter to the site very soon so that users can receive early notification of outages and maintenance. And we are planning to add some premium features to refinance the project to make sure it lasts a long time. :)

Regards,
Marius

@femke77
Copy link

femke77 commented Aug 23, 2022

just left a request for an api key at cors.bridged.cc. Its just for a few students to do some projects with apis they want to use. I'll update on the process - see if I get an answer, a key, etc. For now we are using corsproxy.io. I can't believe how fast it is.

@hoangvu12
Copy link

Hi @bytezeroseven,

thank you for your message and sorry for the bit delayed answer. I’m glad you like https://corsproxy.io.

Our Network also runs a lot bigger services than our CORS Proxy. We have enough computing power to run the project in the long term. We are also adding a newsletter to the site very soon so that users can receive early notification of outages and maintenance. And we are planning to add some premium features to refinance the project to make sure it lasts a long time. :)

Regards, Marius

Will modify request/response feature (add request headers, etc...) be added?

@newadventure079
Copy link

@mariusbolik Does corsproxy.io follow redirects?

@mariusbolik
Copy link

Will modify request/response feature (add request headers, etc...) be added?

Yes, this is on our roadmap!

@softmarshmallow
Copy link

softmarshmallow commented Aug 27, 2022

Just pinging in. I'm preparing my cors.bridged.cc back to free & public again. with the new domain under https://cors.sh/ (It's not online for now)
This might take some time for me, few weeks, may be a month. I'll let the subscribers here know once the service is ready. :)

@femke77
Copy link

femke77 commented Aug 28, 2022

corsproxy helped me with the toughest api that none of the other proxies were set up right for. It’s full service. Love it! Thank you!

@femke77
Copy link

femke77 commented Aug 28, 2022

@mariusbolik your proxy is amazing! Thank you. We are using it for educational reasons, nothing big or serious, but it helps our students use the APIs they actually like.

@mariusbolik
Copy link

@femke77 thank you! I appreciate your words!

@Dominic-wells
Copy link

@mariusbolik I have a project due for my university course this week and we can't have the examiner use any browser addons that would bypass the cors error.

Your service has saved me, If this project was not here I would not be able to gain my qualification.

Thank you and thanks to anyone involved, I just wish I knew the words to express my thanks.

@thinhdinhlca
Copy link

Using @mariusbolik 's service for the first time today and it has worked super fine for me. Thanks for the great work!

@newadventure079
Copy link

@mariusbolik Does corsproxy.io follow redirects?

@alex-jitbit
Copy link

@mariusbolik thank you for your service, I'm using it for another free service at https://ec2instances.github.io/ works like a charm!

@hoangvu12
Copy link

@mariusbolik Have headers modification feature been added? Thanks for such a great service anyway.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment