Service | SSL | status | Response Type | Allowed methods | Allowed headers | Exposed headers | Follow redirect | Streamable | WebSocket | Upload limit | Download limit | Country code | Comments |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CORS bridged | ✅ | Mirrored | Raw | * | All but expect Forbidden headers | ❓ | ❓ | ❓ | ❓ | 16mb/request | ❓ | US (CA) | Blog for docs & Testing |
cors-anywhere | ✅ | Mirrored | Raw | * | * | * | Up to 5x | ❓ | ❓ | ❓ | ❓ | US | Require Origin header |
cors-anywhere @ glitch | ✅ | Mirrored | Raw | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | source |
thingproxy | ✅ | ❓ | ❓ | * | ❓ | ❓ | ❓ | ❓ | ❓ | 100kb | 100kb | US | Max 10 req/sec |
Whatever Origin | ❌ | ❌ | jsonp | GET | None | None | ❓ | ❌ | ❌ | ❓ | ❓ | US | |
Go Between | ✅ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | |
goxcors | ✅ | Allways 200 | Raw | * | * | None | ✅ | ❓ | ❓ | ❓ | ❓ | US |
POST type is limited to x-www-form-urlencoded Have a werd api Response Type is Allways text/html |
All Origins | ✅ | Only code in json | Json, jsonp, Raw | * | ❌ | None | ✅ | ❓ | ❓ | ❓ | ❓ | US | When using raw you loose status information |
Cloudflare Cors Anywhere | ✅ | Only code mirror (not statusText) | Raw | * | All but expect Forbidden headers | none | ✅ | ❌ | ❓ | none | none | ❓ | 100,000 requests/day 1,000 requests/10 minutes |
JSONProxy | ✅ | ❓ | ❓ | GET | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ |
Possible dead
cors.io | ✅ | Only code mirror | Raw | GET, HEAD | ❓ | ❓ | ✅ | ❓ | ❓ | ❓ | ❓ | US | |
crossorigin.me | ✅ | ❓ | ❓ | GET | ❓ | ❓ | ❓ | ❓ | ❓ | 2MB | 2MB | US | Require Origin header |
HTML Driven | ✅ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | |
Taskcluster | ✅ | ❓ | ❓ | * | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | US | All request must be made within the request body Only whitelisted for taskcluster |
anyorigin | ❌ | ❓ | jsonp | GET | none | none | ❓ | ❌ | ❌ | ❌ | ❓ | US |
Today i have experiment with raw tcp + websocket as a proxy
The problem with cors, browsers and proxies are that they put too much restriction on you and you can't do everything you want to do
here is what i have done so far: https://codesandbox.io/s/late-moon-5mck1
it's basically a reimplementation of fetch with custom redirect mode can send and read all response forbidden headers and support any http method you want
Would be happy to develop this further if someone else knows how someone can reimplement http2, QUIC, TLS 1.3 in the browser using web crypto - that is just beyond my knowledge.