imjacobclark / cors-container Goto Github PK

View Code? Open in Web Editor NEW

190.0 5.0 35.0 265 KB

A CORS proxy in a container (Docker) for when you need to `Access-Control-Allow-Origin: *`!

Home Page: https://cors-container.herokuapp.com

License: MIT License

JavaScript 77.78% HTML 20.43% Dockerfile 1.79%

docker cors permissive-cors cors-proxy

cors-container's Introduction

cors-container

A CORS proxy in a container (Docker) for when you need to Access-Control-Allow-Origin: *!

You can use CORS Container without running it yourself via Heroku (it's on a free tier dyno, so initial startup time may be slow!) https://cors-container.herokuapp.com.

About

If you need permissive CORS for a front-end project, simply deploy this container and proxy your HTTP requests through it.

Once the container is running, you may navigate to http://container-address:3000/https://jacobclark.xyz, cors-container will then proxy the specified resource and transform the original headers to be CORS permissive, whilst keeping origional headers in-tact.

If you intend to use this in production over the open web, ensure the service is locked down with restrictive firewall/access permissions, otherwise any content may be proxied over your server.

I suggest implementing proper CORS headers on your resources and using this for development purposes only.

Relative URL rewriting

cors-container can rewrite relative URLs to full URLs of the response body you have proxied.

For example if we wish to proxy http://blog.jacobclark.xyz/ and cors-container is runinnng on http://localhost:3000/ the request URL would be http://localhost:3000/http://blog.jacobclark.xyz/.

cors-container will rewrite any relative URLs it finds in the proxies response body. For example <a href="/css/style.css"> would be modified to <a href="http://localhost:3000/http://blog.jacobclark.xyz/css/style.css"> in the proxied response.

This can be useful if you wish to be able to pull additional assets on a page through the proxy such as stylesheets and JavaScript.

This is not enabled by default as this option mutates the original response body.

Set rewrite-urls in the request header to cors-cotainer if you want relative URLs rewriting.

Deploying

Docker(hub)

$ docker pull imjacobclark/cors-container
$ docker run --restart=always -d -p 3000:3000 --name cors-container imjacobclark/cors-container

Docker(source)

$ git pull https://github.com/imjacobclark/cors-container.git && cd cors-container
$ docker build -t cors-container .
$ docker run --restart=always -d -p 3000:3000 --name cors-container cors-container

Node

$ git pull https://github.com/imjacobclark/cors-container.git && cd cors-container
$ npm run test && npm start

Thanks to

cors-container's People

Contributors

Stargazers

Watchers

cors-container's Issues

herokuapp seems to be down

https://cors-container.herokuapp.com/ is not working anymore:

Probably since Heroku Free is not available anymore.

Feature Request: White And Black List

Could I set the White List / Black List?

Type-safe CORS Proxy

It would be nice if we could have a type-safe, highly-maintainable, and low cost solution (like the one here https://github.com/chris-bacon/http-proxy-lambda).

Happy to submit a PR if you have any guidance on where to begin.

Add version tag(s)

It would be nice to use this in local development scripts. In order to avoid docker pull every time a container is started, it would be super helpful to have version tags. Then you can just do

docker run --restart=always -d -p 3000:3000 --name cors-container \
  imjacobclark/cors-container:v0.1.2

which will automatically pull the image if missing and use from cache if available.

error on line 1 at column 1: Document is empty

Hello good afternoon

If you can help me

As per images

When trying to use the following url the following error is displayed

error on line 1 at column 1: Document is empty

Written in JavaScript

Hi there,

I've spotted a bug in this code that urgently needs fixing: it's written in JavaScript.

Please can you fix as it is preventing us from running safe code with #PureCodeStrongTypes.

Thanks,
Chris

NPM dependencies out of date

Hi,

Jusrt a small note: I think that the package.json file will need an update because the current version throws a lot of high severity and critical vulnerabilities:

added 145 packages from 433 contributors and audited 270 packages in 7.894s
found 11 vulnerabilities (3 low, 2 moderate, 5 high, 1 critical)
run npm audit fix to fix them, or npm audit for details

Proxy not working correctly

Hey, after running the docker image and testing the proxy, the transferred data is unfortunately corrupted and also missing the CORS headers (maybe because of the data corruption, as the chrome console tells me about an unexpected end of file).

Regarding data integrity, tested with this random cat pic: https://www.tierfreund.de/wp-content/uploads/2016/09/1.jpg

With proxy:

$ sha2 1.jpg
SHA-256 (1.jpg) = 6e667c6dc98d119f27bd58d95e6059b38c0504d2bffecfa8c91c56c33e16f118

$ ls -l@ 1.jpg
-rw-r--r--@ 1 me  staff  487536 12 Feb  2018 1.jpg

Without proxy:

$ sha2 1.jpg.1
SHA-256 (1.jpg.1) = 309141024afd899bb30bad191af2c79b08968fc42be3f8707b9f3541a54c0c66

$ ls -l@ 1.jpg.1
-rw-r--r--  1 me  staff  270958 12 Feb  2018 1.jpg.1

Maybe I did something wrong?

Edit: There seems to be an issue with image data, it can be recreated by looking at https://cors-container.herokuapp.com/https://google.com

Doesn't forward all get parameters in request

I'm trying to proxy a request like this:

https://cors-container.herokuapp.com/https://www.finewineandgoodspirits.com/webapp/wcs/stores/servlet/SearchResultsView?storeId=10051&catalogId=10051&langId=-1&sType=SimpleSearch&resultCatEntryType=2&showResultsPage=true&searchSource=QbeginIndex=0&pageSize=15&sortBy=5&searchTerm=oban&SearchKeyWord=oban#facet:&productBeginIndex:&orderBy:&pageView:&minPrice:&maxPrice:&pageSize:&

But the request that gets sent ends up being:

https://www.finewineandgoodspirits.com/webapp/wcs/stores/servlet/SearchResultsView?storeId=10051

Is there something special I need to do for it to pass along every GET parameter?

ARM support

Is there any chance we can also have this fantastic application for ARM devices? It runs perfectly on my free tier, but I need an ARM image for my internal stuff. Internal IPs cannot be resolved over the internet.

Can't get POST working

Hello,

I tried to use it today but I couldn't get the POST working:

HTTP/1.1 404 Not Found
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Content-Length: 147
Vary: Accept-Encoding
Date: Sat, 15 Sep 2018 07:49:07 GMT
Connection: keep-alive

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>Cannot POST /http://xxxxxx</pre>
</body>

Add arm support

Hi thanks for you work.
Can you add support for arm?

Doesn't send GET parameters further

Hi,

thanks for sharing. When I set a get parameter within the url it doesn't get passed further tho.

Example: http://myproxy.com/http://websitewithnocors:9000/api/resources?metrics=ncloc,coverage,lines,tests

metrics doesn't get sent further

Error 500 trying to access a site that has invalid https certificate

I need to access a crappy website that restrict CORS and has invalid SSL certificates, but fails with error 500... any clue?