@isomorphic-git/cors-proxy
Comparing version 2.1.0 to 2.2.0
index.js
@@ -41,4 +41,14 @@ 'use strict' | ||
] | ||
const allowMethods = [ | ||
'POST', | ||
'GET', | ||
'OPTIONS' | ||
] | ||
const fetch = require('node-fetch') | ||
const cors = require('./micro-cors.js')({allowHeaders, exposeHeaders, origin}) | ||
const cors = require('./micro-cors.js')({ | ||
allowHeaders, | ||
exposeHeaders, | ||
allowMethods, | ||
origin | ||
}) | ||
const allow = require('./allow-request.js') | ||
@@ -55,11 +65,18 @@ | ||
<h1>@isomorphic-git/cors-proxy</h1> | ||
<h2>See docs: <a href="https://npmjs.org/package/${pkg.name}">https://npmjs.org/package/${pkg.name}</a></h2> | ||
<h2>Authenticity</h2> | ||
This is a publicly available service. As such you may wonder if it is safe to trust. | ||
You can inspect the source code that this server is running by visiting this page: <a href="/_src">/_src</a>. | ||
The deploys are immutable, so you can be sure that the code will never change. | ||
<h2>Logging</h2> | ||
The cloud hosting provider keeps log of all requests. That log is public and available on this page: <a href="/_logs">/_logs</a>. | ||
It records the URL, origin IP, referer, and user-agent. None of the sensitive HTTP headers (including those used for | ||
HTTP Basic Auth and HTTP Token auth) are ever logged. | ||
<p>This is the server software that runs on <a href="https://cors.isomorphic-git.org">https://cors.isomorphic-git.org</a> | ||
– a free service (generously sponsored by <a href="https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git">Clever Cloud</a>) | ||
for users of <a href="https://isomorphic-git.org">isomorphic-git</a> that enables cloning and pushing repos in the browser.</p> | ||
<p>The source code is hosted on Github at <a href="https://github.com/isomorphic-git/cors-proxy">https://github.com/isomorphic-git/cors-proxy</a></p> | ||
<p>It can also be installed from npm with <code>npm install <a href="https://npmjs.org/package/${pkg.name}">@isomorphic-git/cors-proxy</a></code></p> | ||
<h2>Terms of Use</h2> | ||
<p><b>This free service is provided to you AS IS with no guarantees. | ||
By using this free service, you promise not to use excessive amounts of bandwidth. | ||
</b></p> | ||
<p><b>If you are cloning or pushing large amounts of data your IP address may be banned. | ||
Please run your own instance of the software if you need to make heavy use this service.</b></p> | ||
<h2>Allowed Origins</h2> | ||
This proxy allows git clone / fetch / push / getRemoteInfo requests from these domains: <code>${process.env.ALLOW_ORIGIN || '*'}</code> | ||
</html> | ||
@@ -95,2 +112,3 @@ ` | ||
) | ||
res.statusCode = f.status | ||
for (let h of exposeHeaders) { | ||
@@ -97,0 +115,0 @@ if (h === 'content-length') continue |
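Review bot: The new `allowMethods` list in the first hunk is passed only to `./micro-cors.js`, so as far as this diff shows it sets the `Access-Control-Allow-Methods` preflight answer for browsers and does not by itself reject other methods from non-browser clients. Server-side enforcement presumably still rests on `allow` from `./allow-request.js`, which is not part of this diff, and the list carries no comment saying so. I would add a comment above it, for example `// CORS preflight hint only (git smart HTTP needs GET/POST, browsers send OPTIONS); request filtering is done by allow-request.js`. Note also that the landing page in the second hunk prints `${process.env.ALLOW_ORIGIN || '*'}`, so an instance started without `ALLOW_ORIGIN` answers every web origin; this default deserves a line in the same comment.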
{ | ||
"name": "@isomorphic-git/cors-proxy", | ||
"version": "2.1.0", | ||
"version": "2.2.0", | ||
"description": "Proxy clone and push requests for the browser", | ||
"main": "index.js", | ||
"bin": "bin.js", | ||
"scripts": { | ||
@@ -21,4 +22,7 @@ "start": "cross-env micro --listen=tcp://0.0.0.0:$PORT", | ||
"cross-env": "^5.1.4", | ||
"daemonize-process": "^1.0.9", | ||
"micro": "^9.1.4", | ||
"node-fetch": "^2.1.2" | ||
"minimisted": "^2.0.0", | ||
"node-fetch": "^2.1.2", | ||
"tree-kill": "^1.2.0" | ||
}, | ||
@@ -25,0 +29,0 @@ "now": { |
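Review bot: The range `"tree-kill": "^1.2.0"` still admits 1.2.0 and 1.2.1 for installs that resolve without a lockfile, and if I recall correctly 1.2.2 is the release that began sanitising the `pid` argument before it reaches a shell command. The README in this same release says `cors-proxy stop` kills whatever PID is found in `$PWD/cors-proxy.pid`, so that value is file content from the current directory rather than a trusted number. I would raise the floor to `"tree-kill": "^1.2.2"`. The stop command, which is not shown in this diff, should also parse the file with `Number.parseInt(pid, 10)` and refuse anything that is not a positive integer before killing.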
@@ -1,12 +0,50 @@ | ||
# git-cors-proxy | ||
# @isomorphic-git/cors-proxy | ||
## What is this? | ||
This is the software running on https://cors.isomorphic-git.org/ - | ||
a free service (generously sponsored by [Clever Cloud](https://www.clever-cloud.com/?utm_source=ref&utm_medium=link&utm_campaign=isomorphic-git)) | ||
for users of [isomorphic-git](https://isomorphic-git.org) that enables cloning and pushing repos in the browser. | ||
This is the software running on https://git-cors-proxy.now.sh, a free | ||
service for users of isomorphic-git so you can clone and push repos in the browser. | ||
It is derived from https://github.com/wmhilton/cors-buster with added restrictions to reduce the opportunity to abuse the proxy. | ||
Namely, it blocks requests that don't look like valid git requests. | ||
It is derived from https://github.com/wmhilton/cors-buster with added restrictions to prevent abuse. | ||
## Installation | ||
```sh | ||
npm install @isomorphic-git/cors-proxy | ||
``` | ||
## CLI usage | ||
Start proxy on default port 9999: | ||
```sh | ||
cors-proxy start | ||
``` | ||
Start proxy on a custom port: | ||
```sh | ||
cors-proxy start -p 9889 | ||
``` | ||
Start proxy in daemon mode. It will write the PID of the daemon process to `$PWD/cors-proxy.pid`: | ||
```sh | ||
cors-proxy start -d | ||
``` | ||
Kill the process with the PID specified in `$PWD/cors-proxy.pid`: | ||
```sh | ||
cors-proxy stop | ||
``` | ||
## Configuration | ||
Environment variables: | ||
- `PORT` the port to listen to (if run with `npm start`) | ||
- `ALLOW_ORIGIN` the value for the 'Access-Control-Allow-Origin' CORS header | ||
## License | ||
This work is released under [The MIT License](https://opensource.org/licenses/MIT) |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Shell access
Supply chain risk: This module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: This module accesses the file system and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
+ Added daemonize-process@^1.0.9
+ Added minimisted@^2.0.0
+ Added tree-kill@^1.2.0
+ Added daemonize-process@1.0.9 (transitive)
+ Added minimist@1.2.8 (transitive)
+ Added minimisted@2.0.1 (transitive)
+ Added tree-kill@1.2.2 (transitive)