Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@thrnd/http-proxy

Package Overview
Dependencies
Maintainers
2
Versions
5
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@thrnd/http-proxy

`@thrnd/http-proxy` is a proxy service intended for supporting local development. It allows you to quickly define rules that you need to properly run and develop your local services and properly accessing the remote services.

  • 1.5.2
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
2
Created
Source

@thrnd/http-proxy

@thrnd/http-proxy is a proxy service intended for supporting local development. It allows you to quickly define rules that you need to properly run and develop your local services and properly accessing the remote services.

Example use cases:

  • rewrite cookies set by the origin service;
  • rewrite location headers set by the origin service;
  • rewrite urls in responses from the origin service.

Usage

npx

npx @thrnd/http-proxy -c path/to/your/rewrite.json

docker-compose

Download the contents of the docker folder from this repository and run docker-compose up in the folder.

See the docker/README.md for more information.

Run from source code repository

npm start -c rewrites.json -p 8000

If you want to use the proxy with a different port, you can use the -p flag.
If you want to use a different configuration file, you can use the -c flag.

Changing the host for rewrites

If you want to change the host for cookie and redirect rewrites, you can use the -h flag.

npm start -h https://127.0.0.1.nip.io
Verbosity

To change the verbosity of the proxy, you can use the LOG_LEVEL environment variable.

env "LOG_LEVEL=debug" npm start

All available LOG_LEVELs are:

  • error
  • warn
  • info
  • debug

Default is info.

Configuration file

The configuration file is a JSON file that contains an array of objects.
Each object has a source and a target property. The source property is the path that you want to proxy.
The target property is the URL that you want to proxy to.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000"
  }
]

Rewrite options

response.rewrite.cookies

Use cases: Authorization services, APIs.

If this property is set to true, cookies set by the target service will be rewritten to the proxy host.

response.rewrite.redirects

Use cases: API services, redirects.

If this property is set to true, location headers set by the target service will be rewritten to the proxy host, if they are targeting the proxied service.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "rewrite": {
        "redirects": true
      }
    }
  }
]

response.rewrite.rebase

Use cases: SPAs, forms.

You can also set response.rewrite.rebase to true to rewrite the body contents of the request. This is useful if you are having issues with asset urls, form action urls etc. It will rewrite the body contents of the request to the target url.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "rewrite": {
        "rebase": true
      }
    }
  }
]

By default, it will only modify contents of text/html content types. If you want to modify other content types, you can set the rebase.match.contentTypes property to an array of content types.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "rewrite": {
        "rebase": {
          "match": {
            "contentTypes": ["text/html", "application/json"]
          }
        }
      }
    }
  }
]

matchAbsolutePathsByReferer (CLI)

Use cases: SPAs default: true

NOTE: This option is set via CLI flag --rebaseAbsolutePathsByReferer, not in the config file.

This option will help if you are proxying a service that requests assets from itself using absolute paths and you cannot or doesn't want to change the base url.

When this option is enabled, if an app requests a resource via an absolute path to itself, the path will automatically be rebased and forwarded to the requesting service.

Example: SPA proxied under /admin-panel requests /assets/img/logo.png Browser send request:

GET /assets/img/logo.png HTTP/1.1
Referer: http://localhost:3000/admin-panel/index.html
...

Proxy will check the referer header for matching service and rebase the path to /admin-panel/assets/img/logo.png

warning: In order for this to work properly, request must be made with proper referer header set to requesting service.

response.cors

Use cases: API services

In all use cases:

  • the proxy will set the Access-Control-Allow-Methods header to GET, POST, PUT, PATCH, DELETE, OPTIONS.
  • the proxy will set the Access-Control-Allow-Headers header to X-Requested-With, Content-Type, Accept, Origin, Authorization, Cache-Control, Pragma, Expires.

Value of Access-Control-Allow-Origin and Access-Control-Allow-Credentials varies depending on the set value of cors:

true

If this property is set to true, the proxy will add Access-Control-Allow-Origin: * header to the response.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": true
    }
  }
]
"proxy"

If this property is set to proxy, the proxy will add Access-Control-Allow-Origin: http://{proxy host}:{proxy port} header and Access-Control-Allow-Credentials: true header to the response.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": "proxy"
    }
  }
]
"referer"

If this property is set to referer, the proxy will add Access-Control-Allow-Origin: http://{referer origin} header and Access-Control-Allow-Credentials: true header to the response. warning: In order for this to work properly, request must be made with proper referer header set to requesting service.
If referer header is not set, the proxy behaves as if the option is set to proxy.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": "referer"
    }
  }
]

preflight

Use cases: API services
Default: "auto"

This option controls how the proxy handles preflight requests.

It works only if cors option is set.

If this property is set to false, the proxy will not handle preflight requests. They will be passed to the service.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": {
        "mode": true,
        "preflight": false
      }
    }
  }
]

If this property is set to true, the proxy will handle preflight requests without passing them to the service.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": {
        "mode": true,
        "preflight": true
      }
    }
  }
]

If this property is set to "auto", the proxy will handle preflight requests if the service responded with non-200 status code.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "cors": {
        "mode": true,
        "preflight": "auto"
      }
    }
  }
]

response.headers

NOTE: This operation modifies the response headers of the proxied service before any other operation that modifies the response headers (like cors).

drop

Use cases: API services, SPAs (IFrames, CSP)

If you want to drop any of response headers, you can set the header value to drop or an action to drop.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "headers": {
        "X-Frame-Options": "drop",
        "Content-Security-Policy": {
          "action": "drop"
        }
      }
    }
  }
]
set

Use cases: API services, SPAs (IFrames, CSP)

If you want to set any of response headers, you can set the action to set and value to the value you want to set the header to.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "headers": {
        "Content-Security-Policy": {
          "action": "set",
          "value": "default-src 'self'"
        }
      }
    }
  }
]
setIfMissing

Use cases: API services, SPAs (IFrames, CSP)

If you want to set any of response headers only if it is not set, you can set the action to setIfMissing and value to the value you want to set the header to.

[
  {
    "match": {
      "path": "/api"
    },
    "target": "http://localhost:3000",
    "response": {
      "headers": {
        "Content-Security-Policy": {
          "action": "setIfMissing",
          "value": "default-src 'self'"
        }
      }
    }
  }
]

FAQs

Package last updated on 11 Oct 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc