github.com/shivam010/bypass-cors
Note: This repository and project is for educational and testing purposes only, any illegal or bad use of project or its hosted service
https://non-cors.herokuapp.comis solely the responsibility of the users using it. Me or the contributors has nothing to do with that.
Also, the hosted service https://non-cors.herokuapp.com has been disabled for now, for safety. Sorry for any inconvenience.
a proxy server to bypass CORS (Cross-Origin Resource Sharing) enabled servers
Proxy your requests just by prefixing your request URL with: https://non-cors.herokuapp.com/ with all the headers and payload as it is.
Browsers enforce same origin policy (CORS) to protect the users from XSS (Cross Site Scripting) among several other types of attacks.
In short, browsers blocks all the requests which are not originated from the same origin as that of the web-page.
But this feature banes the developer from accessing data from different servers. Luckily, there's a way out of this, and that's what bypass-cors uses.
bypass-cors proxy CORS ?Whenever we make a cross origin request, browsers set a request header called Origin, to give the information about the requester, and uses the CORS policy to block the non-origin requests.
And checks the Response Header for Access-Control header values according to CORS policy.
Hence, if we can change the response headers in our favor than we can easily tricks the browser, and this is what the bypass-cors proxy server does.
It acts as a middleware and make request to the destined server, obtain response, and adds/sets some relevant headers with the response and sends it back to you, tricking the browser.
Proxy your requests just by prefixing your request URL with: https://non-cors.herokuapp.com/ with all the headers and payload as it is.
bypass-cors supports all types of http.Method requests.
https://non-cors.herokuapp.com/<Your-URL>+ Request Header & Body (if any)
GET https://joke-api-strict-cors.appspot.com/jokes/ten ==> GET https://non-cors.herokuapp.com/https://joke-api-strict-cors.appspot.com/jokes/ten
Changes and improvements are more than welcome!
Feel free to fork, create issues or pull a request here.
Please make your changes in a specific branch and request to pull into master! If you can please make sure that the changes work properly and does not affect the functioning of the website before sending a Pull Request, as that will help speed up the process.
The application, its design and its code all are licensed under the MIT license.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
/Research
Malicious npm package impersonates Nodemailer and drains wallets by hijacking crypto transactions across multiple blockchains.
Security News
This episode explores the hard problem of reachability analysis, from static analysis limits to handling dynamic languages and massive dependency trees.
Security News
/Research
Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.