Research
Security News
Malicious npm Package Targets Solana Developers and Hijacks Funds
A malicious npm package targets Solana developers, rerouting funds in 2% of transactions to a hardcoded address.
By Socket Research Team - Dec 02, 2024
Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@eeacms/volto-corsproxy
Advanced tools
volto-corsproxy
Volto add-on
Features
This package enables fetching data from third-party servers through the Volto HTTP server, this way bypassing any CORS security restrictions imposed by the browser.
The way it does this is by providing a pass-through CORS proxy server on the
path (configurable) /cors-proxy path. For example, any requests made to the
URL http://localhost:3000/cors-proxy/http://example.com/ will be piped to
the http://example.com website, through the Volto node server.
As you wouldn't want to provide an open proxy, all proxied destinations need to
be configured either via settings.allowed_cors_destinations (which takes
a list of hostnames) or an environment variable called
RAZZLE_ALLOWED_CORS_DESTINATIONS (where you need to provide a comma-separated
list of hostnames).
For example:
settings.allowed_cors_destinations = ['eea.europa.eu', 'plone.org']
or:
RAZZLE_ALLOWED_CORS_DESTINATIONS=eea.europa.eu,plone.org yarn start
As a convenience feature for dealing with third-party API endpoints, there's
a new action available, getProxiedExternalContent, somewhat similar to
Volto's getContent. Call it like: getProxiedExternalContent(thirdpartyurl)
and it will make that async content available in the Redux content reducer, at
store.content.subrequests[thirdpartyurl].
Getting started
Try volto-corsproxy with Docker
git clone https://github.com/eea/volto-corsproxy.git
cd volto-corsproxy
make
make start
Go to http://localhost:3000
Add volto-corsproxy to your Volto project
-
Make sure you have a Plone backend up-and-running at http://localhost:8080/Plone
docker compose up backend -
Start Volto frontend
-
If you already have a volto project, just update
package.json:"addons": [ "@eeacms/volto-corsproxy" ], "dependencies": { "@eeacms/volto-corsproxy": "*" } -
If not, create one:
npm install -g yo @plone/generator-volto yo @plone/volto my-volto-project --canary --addon @eeacms/volto-corsproxy cd my-volto-project
-
Install new add-ons and restart Volto:
yarn yarn start -
Go to http://localhost:3000
-
Happy editing!
Release
See RELEASE.md.
How to contribute
See DEVELOP.md.
Copyright and license
The Initial Owner of the Original Code is European Environment Agency (EEA). All Rights Reserved.
See LICENSE.md for details.
Funding
FAQs
volto-corsproxy: Volto add-on
The npm package @eeacms/volto-corsproxy receives a total of 197 weekly downloads. As such, @eeacms/volto-corsproxy popularity was classified as not popular.
We found that @eeacms/volto-corsproxy demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 10 open source maintainers collaborating on the project.
Package last updated on 22 Apr 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Research
Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft
Socket researchers have discovered malicious npm packages targeting crypto developers, stealing credentials and wallet data using spyware delivered through typosquats of popular cryptographic libraries.
By Kirill Boychenko - Nov 27, 2024
Security News
Weekly Downloads Now Available in npm Package Search Results
Socket's package search now displays weekly downloads for npm packages, helping developers quickly assess popularity and make more informed decisions.
By Sarah Gooding - Nov 26, 2024