@thrnd/http-proxy
@thrnd/http-proxy
is a proxy service intended for supporting local development. It allows you to quickly
define rules that you need to properly run and develop your local services and properly accessing the remote services.
Example use cases:
- rewrite cookies set by the origin service;
- rewrite location headers set by the origin service;
- rewrite urls in responses from the origin service.
Usage
npx
npx @thrnd/http-proxy -c path/to/your/rewrite.json
docker-compose
Download the contents of the docker
folder from this repository and run docker-compose up
in the folder.
See the docker/README.md for more information.
Run from source code repository
npm start -c rewrites.json -p 8000
If you want to use the proxy with a different port, you can use the -p
flag.
If you want to use a different configuration file, you can use the -c
flag.
Changing the host for rewrites
If you want to change the host for cookie and redirect rewrites, you can use the -h
flag.
npm start -h https://127.0.0.1.nip.io
Verbosity
To change the verbosity of the proxy, you can use the LOG_LEVEL environment variable.
env "LOG_LEVEL=debug" npm start
All available LOG_LEVELs are:
Default is info
.
Configuration file
The configuration file is a JSON file that contains an array of objects.
Each object has a source
and a target
property. The source
property is the path that you want to proxy.
The target
property is the URL that you want to proxy to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000"
}
]
Rewrite options
response.rewrite.cookies
Use cases: Authorization services, APIs.
If this property is set to true
, cookies set by the target service will be rewritten to the proxy host.
response.rewrite.redirects
Use cases: API services, redirects.
If this property is set to true
, location headers set by the target service will be rewritten to the proxy host, if they are targeting the proxied service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"redirects": true
}
}
}
]
response.rewrite.rebase
Use cases: SPAs, forms.
You can also set response.rewrite.rebase
to true
to rewrite the body contents of the request. This is useful if you are having issues with asset urls, form action urls etc.
It will rewrite the body contents of the request to the target url.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"rebase": true
}
}
}
]
By default, it will only modify contents of text/html
content types. If you want to modify other content types, you can set the rebase.match.contentTypes
property to an array of content types.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"rebase": {
"match": {
"contentTypes": ["text/html", "application/json"]
}
}
}
}
}
]
matchAbsolutePathsByReferer (CLI)
Use cases: SPAs
default: true
NOTE: This option is set via CLI flag --rebaseAbsolutePathsByReferer
, not in the config file.
This option will help if you are proxying a service that requests assets from itself using absolute paths and you cannot or doesn't want to change the base url.
When this option is enabled, if an app requests a resource via an absolute path to itself, the path will automatically be
rebased and forwarded to the requesting service.
Example:
SPA proxied under /admin-panel
requests /assets/img/logo.png
Browser send request:
GET /assets/img/logo.png HTTP/1.1
Referer: http://localhost:3000/admin-panel/index.html
...
Proxy will check the referer header for matching service and rebase the path to /admin-panel/assets/img/logo.png
warning: In order for this to work properly, request must be made with proper referer header set to requesting service.
response.cors
Use cases: API services
In all use cases:
- the proxy will set the
Access-Control-Allow-Methods
header to GET, POST, PUT, PATCH, DELETE, OPTIONS
. - the proxy will set the
Access-Control-Allow-Headers
header to X-Requested-With, Content-Type, Accept, Origin, Authorization, Cache-Control, Pragma, Expires
.
Value of Access-Control-Allow-Origin
and Access-Control-Allow-Credentials
varies depending on the set value of cors
:
true
If this property is set to true
, the proxy will add Access-Control-Allow-Origin: *
header to the response.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": true
}
}
]
"proxy"
If this property is set to proxy
, the proxy will add Access-Control-Allow-Origin: http://{proxy host}:{proxy port}
header and Access-Control-Allow-Credentials: true
header to the response.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": "proxy"
}
}
]
"referer"
If this property is set to referer
, the proxy will add Access-Control-Allow-Origin: http://{referer origin}
header and Access-Control-Allow-Credentials: true
header to the response.
warning: In order for this to work properly, request must be made with proper referer header set to requesting service.
If referer header is not set, the proxy behaves as if the option is set to proxy
.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": "referer"
}
}
]
preflight
Use cases: API services
Default: "auto"
This option controls how the proxy handles preflight requests.
It works only if cors
option is set.
If this property is set to false
, the proxy will not handle preflight requests. They will be passed to the service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": false
}
}
}
]
If this property is set to true
, the proxy will handle preflight requests without passing them to the service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": true
}
}
}
]
If this property is set to "auto"
, the proxy will handle preflight requests if the service responded with non-200 status code.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": "auto"
}
}
}
]
NOTE: This operation modifies the response headers of the proxied service before any other operation that modifies the response headers (like cors
).
drop
Use cases: API services, SPAs (IFrames, CSP)
If you want to drop any of response headers, you can set the header value to drop
or an action
to drop
.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"X-Frame-Options": "drop",
"Content-Security-Policy": {
"action": "drop"
}
}
}
}
]
set
Use cases: API services, SPAs (IFrames, CSP)
If you want to set any of response headers, you can set the action
to set
and value
to the value you want to set the header to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"Content-Security-Policy": {
"action": "set",
"value": "default-src 'self'"
}
}
}
}
]
setIfMissing
Use cases: API services, SPAs (IFrames, CSP)
If you want to set any of response headers only if it is not set, you can set the action
to setIfMissing
and value
to the value you want to set the header to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"Content-Security-Policy": {
"action": "setIfMissing",
"value": "default-src 'self'"
}
}
}
}
]