Service | SSL | status | Response Type | Allowed methods | Allowed headers | Exposed headers | Follow redirect | Streamable | WebSocket | Upload limit | Download limit | Country code | Comments |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CORS bridged | ✅ | Mirrored | Raw | * | All but expect Forbidden headers | ❓ | ❓ | ❓ | ❓ | 16mb/request | ❓ | US (CA) | Blog for docs & Testing |
cors-anywhere | ✅ | Mirrored | Raw | * | * | * | Up to 5x | ❓ | ❓ | ❓ | ❓ | US | Require Origin header |
cors-anywhere @ glitch | ✅ | Mirrored | Raw | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | source |
thingproxy | ✅ | ❓ | ❓ | * | ❓ | ❓ | ❓ | ❓ | ❓ | 100kb | 100kb | US | Max 10 req/sec |
Whatever Origin | ❌ | ❌ | jsonp | GET | None | None | ❓ | ❌ | ❌ | ❓ | ❓ | US | |
Go Between | ✅ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | |
goxcors | ✅ | Allways 200 | Raw | * | * | None | ✅ | ❓ | ❓ | ❓ | ❓ | US |
POST type is limited to x-www-form-urlencoded Have a werd api Response Type is Allways text/html |
All Origins | ✅ | Only code in json | Json, jsonp, Raw | * | ❌ | None | ✅ | ❓ | ❓ | ❓ | ❓ | US | When using raw you loose status information |
Cloudflare Cors Anywhere | ✅ | Only code mirror (not statusText) | Raw | * | All but expect Forbidden headers | none | ✅ | ❌ | ❓ | none | none | ❓ | 100,000 requests/day 1,000 requests/10 minutes |
JSONProxy | ✅ | ❓ | ❓ | GET | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ |
Possible dead
cors.io | ✅ | Only code mirror | Raw | GET, HEAD | ❓ | ❓ | ✅ | ❓ | ❓ | ❓ | ❓ | US | |
crossorigin.me | ✅ | ❓ | ❓ | GET | ❓ | ❓ | ❓ | ❓ | ❓ | 2MB | 2MB | US | Require Origin header |
HTML Driven | ✅ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | |
Taskcluster | ✅ | ❓ | ❓ | * | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | ❓ | US | All request must be made within the request body Only whitelisted for taskcluster |
anyorigin | ❌ | ❓ | jsonp | GET | none | none | ❓ | ❌ | ❌ | ❌ | ❓ | US |
@softmarshmallow Will do!
Do you know if they allow sending/reading headers in some other form other than directly onto the request headers?
Browsers blocks some request headers from being sent & read
Another issue that one of my private CORS proxy is solving is the ability to set/remove certain headers on the request/response
i know that some REST Apis with CORS enabled already exist but they really limit it to there own domain by checking if
http://example.com
is allowed to make request tohttp://api.example.com
by looking at the origin header so there is no way to fake that I'm making a request fromhttp://example.com
if i'm not allowed to set a forbidden headerorigin