@thrnd/http-proxy
`@thrnd/http-proxy` will help you when you need to route external services under different paths under single domain.
Example use cases:
`false` in rewrite record in config file)
`false` in rewrite record in config file)
`rewriteBody` to `true` in rewrite record in config file)
npx @thrnd/http-proxy -c path/to/your/rewrite.json
Download the contents of the `docker` folder from this repository and run `docker-compose up` in the folder.
See the docker/README.md for more information.
npm start -c rewrites.json -p 8000
If you want to use the proxy with a different port, you can use the `-p` flag.
If you want to use a different configuration file, you can use the `-c` flag.
If you want to change the host for cookie and redirect rewrites, you can use the `-h` flag.
npm start -h https://127.0.0.1.nip.io
To change the verbosity of the proxy, you can use the LOG_LEVEL environment variable.
env "LOG_LEVEL=debug" npm start
All available LOG_LEVELs are:
error
warn
info
debug
Default is `info`.
The configuration file is a JSON file that contains an array of objects.
Each object has a `source` and a `target` property. The `source` property is the path that you want to proxy.
The `target` property is the URL that you want to proxy to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000"
}
]
Use cases: Authorization services, APIs.
If this property is set to `true`, cookies set by the target service will be rewritten to the proxy host.
Use cases: API services, redirects.
If this property is set to `true`, `Location` headers set by the target service will be rewritten to the proxy host if they target the proxied service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"redirects": true
}
}
}
]
Use cases: SPAs, forms.
You can also set `response.rewrite.rebase` to `true` to rewrite the body contents of the request. This is useful if you are having issues with asset URLs, form action URLs, etc.
It will rewrite the body contents of the request to the target URL.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"rebase": true
}
}
}
]
By default, it will only modify contents of `text/html` content types. If you want to modify other content types, you can set the `rebase.match.contentTypes` property to an array of content types.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"rewrite": {
"rebase": {
"match": {
"contentTypes": ["text/html", "application/json"]
}
}
}
}
}
]
Use cases: SPAs
default: true
NOTE: This option is set via the CLI flag `--rebaseAbsolutePathsByReferer`, not in the config file.
This option helps if you are proxying a service that requests assets from itself using absolute paths and you cannot or do not want to change the base URL.
When this option is enabled, if an app requests a resource via an absolute path to itself, the path will automatically be rebased and forwarded to the requesting service.
Example:
An SPA proxied under `/admin-panel` requests `/assets/img/logo.png`.
The browser sends the request:
GET /assets/img/logo.png HTTP/1.1
Referer: http://localhost:3000/admin-panel/index.html
...
The proxy will check the `Referer` header for a matching service and rebase the path to `/admin-panel/assets/img/logo.png`.
Warning: For this to work properly, the request must be made with a proper `Referer` header set to the requesting service.
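The Referer-based rebasing described above, as an added example. It is a hypothetical re-implementation for illustration, not code from `@thrnd/http-proxy`; the function names, the second sample rule and the longest-prefix tie-break are assumptions.

```javascript
// Added illustration (hypothetical re-implementation, not @thrnd/http-proxy source).
// Constructed rules in the config format shown on this page.
const sampleRules = [
  { match: { path: "/admin-panel" }, target: "http://localhost:4000" },
  { match: { path: "/api" }, target: "http://localhost:3000" },
];

// True when `path` equals `prefix` or sits below it, so "/api" does not match "/apiary".
function underPrefix(path, prefix) {
  const base = prefix.replace(/\/+$/, "");
  return path === base || path.startsWith(base + "/");
}

// Returns the path to forward, rebased under the service named by the Referer.
function rebaseByReferer(requestPath, referer, rules) {
  // A path that already matches a rule is routed normally.
  if (rules.some((r) => underPrefix(requestPath, r.match.path))) return requestPath;
  if (!referer) return requestPath; // no Referer, nothing to infer
  let refPath;
  try {
    refPath = new URL(referer).pathname;
  } catch {
    return requestPath; // malformed Referer: leave the request untouched
  }
  // Assumption: the longest matching prefix wins, so nested mounts resolve inward.
  const owner = rules
    .filter((r) => underPrefix(refPath, r.match.path))
    .sort((a, b) => b.match.path.length - a.match.path.length)[0];
  // The Referer is client-controlled, but it only selects among configured
  // rules; it never introduces a target that is not in the config.
  return owner ? owner.match.path.replace(/\/+$/, "") + requestPath : requestPath;
}
```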
Use cases: API services
In all use cases:
`Access-Control-Allow-Methods` header to `GET, POST, PUT, PATCH, DELETE, OPTIONS`.
`Access-Control-Allow-Headers` header to `X-Requested-With, Content-Type, Accept, Origin, Authorization, Cache-Control, Pragma, Expires`.
Value of `Access-Control-Allow-Origin` and `Access-Control-Allow-Credentials` varies depending on the set value of `cors`:
If this property is set to `true`, the proxy will add the `Access-Control-Allow-Origin: *` header to the response.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": true
}
}
]
If this property is set to `proxy`, the proxy will add the `Access-Control-Allow-Origin: http://{proxy host}:{proxy port}` header and the `Access-Control-Allow-Credentials: true` header to the response.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": "proxy"
}
}
]
If this property is set to `referer`, the proxy will add the `Access-Control-Allow-Origin: http://{referer origin}` header and the `Access-Control-Allow-Credentials: true` header to the response.
Warning: For this to work properly, the request must be made with a proper `Referer` header set to the requesting service.
If the `Referer` header is not set, the proxy behaves as if the option is set to `proxy`.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": "referer"
}
}
]
Use cases: API services
Default: "auto"
This option controls how the proxy handles preflight requests.
It works only if the `cors` option is set.
If this property is set to `false`, the proxy will not handle preflight requests. They will be passed to the service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": false
}
}
}
]
If this property is set to `true`, the proxy will handle preflight requests without passing them to the service.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": true
}
}
}
]
If this property is set to `"auto"`, the proxy will handle preflight requests if the service responded with a non-200 status code.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"cors": {
"mode": true,
"preflight": "auto"
}
}
}
]
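How the three `cors` modes and the `preflight` setting combine, as an added example. It is a hypothetical re-implementation of the behaviour documented above, not the package's own code; the function names and the fallback to the proxy origin on a malformed `Referer` are assumptions.

```javascript
// Added illustration (hypothetical, not @thrnd/http-proxy source).
const ALLOW_METHODS = "GET, POST, PUT, PATCH, DELETE, OPTIONS";
const ALLOW_HEADERS =
  "X-Requested-With, Content-Type, Accept, Origin, Authorization, Cache-Control, Pragma, Expires";

// `cors` is either a bare mode (true | "proxy" | "referer") or { mode, preflight }.
function normalizeCors(cors) {
  if (!cors) return null;
  if (typeof cors === "object") return { mode: cors.mode, preflight: cors.preflight ?? "auto" };
  return { mode: cors, preflight: "auto" };
}

// Response headers the proxy adds for a rule, given its own origin and the request Referer.
function corsHeaders(cors, proxyOrigin, referer) {
  const cfg = normalizeCors(cors);
  if (!cfg) return {};
  const headers = {
    "Access-Control-Allow-Methods": ALLOW_METHODS,
    "Access-Control-Allow-Headers": ALLOW_HEADERS,
  };
  if (cfg.mode === true) {
    headers["Access-Control-Allow-Origin"] = "*"; // wildcard, no credentials header
    return headers;
  }
  let origin = proxyOrigin; // "proxy" mode, and the fallback for "referer"
  if (cfg.mode === "referer" && referer) {
    // The allowed origin is whatever the client put in Referer.
    try { origin = new URL(referer).origin; } catch { /* assumption: fall back */ }
  }
  headers["Access-Control-Allow-Origin"] = origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Does the proxy answer an OPTIONS preflight itself instead of relaying the service's reply?
function proxyAnswersPreflight(cors, upstreamStatus) {
  const cfg = normalizeCors(cors);
  if (!cfg) return false; // preflight handling works only if cors is set
  if (cfg.preflight === "auto") return upstreamStatus !== 200;
  return cfg.preflight === true;
}
```

In `referer` mode the origin allowed with credentials is taken from a request header, so any page that can reach the proxy is granted credentialed cross-origin reads; that fits a local development proxy and nothing more exposed.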
NOTE: This operation modifies the response headers of the proxied service before any other operation that modifies the response headers (like `cors`).
Use cases: API services, SPAs (IFrames, CSP)
If you want to drop any of the response headers, you can set the header value to `drop` or an `action` to `drop`.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"X-Frame-Options": "drop",
"Content-Security-Policy": {
"action": "drop"
}
}
}
}
]
Use cases: API services, SPAs (IFrames, CSP)
If you want to set any of the response headers, you can set the `action` to `set` and `value` to the value you want to set the header to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"Content-Security-Policy": {
"action": "set",
"value": "default-src 'self'"
}
}
}
}
]
Use cases: API services, SPAs (IFrames, CSP)
If you want to set any of the response headers only if it is not set, you can set the `action` to `setIfMissing` and `value` to the value you want to set the header to.
[
{
"match": {
"path": "/api"
},
"target": "http://localhost:3000",
"response": {
"headers": {
"Content-Security-Policy": {
"action": "setIfMissing",
"value": "default-src 'self'"
}
}
}
}
]
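A review check for rewrite configs that use the `headers` and `cors` options above, as an added example. It is a hypothetical lint, not part of `@thrnd/http-proxy`; the function name, the choice of headers to watch and the sample config are assumptions made for illustration.

```javascript
// Added illustration (hypothetical lint, not @thrnd/http-proxy source).
// Headers whose removal switches off a browser-side protection.
const PROTECTIVE_HEADERS = ["content-security-policy", "x-frame-options"];

// Constructed sample config in the format shown on this page.
const sampleConfig = [
  {
    match: { path: "/api" },
    target: "http://localhost:3000",
    response: {
      cors: "referer",
      headers: {
        "X-Frame-Options": "drop",
        "Content-Security-Policy": { action: "drop" },
      },
    },
  },
  {
    match: { path: "/docs" },
    target: "http://localhost:3001",
    response: {
      cors: true,
      headers: {
        "Content-Security-Policy": { action: "setIfMissing", value: "default-src 'self'" },
      },
    },
  },
];

// Returns one finding per rule setting that weakens what the browser enforces.
function auditRewriteConfig(rules) {
  const findings = [];
  rules.forEach((rule, i) => {
    const where = `rule[${i}] ${rule.match?.path ?? "?"}`;
    const response = rule.response ?? {};
    for (const [name, spec] of Object.entries(response.headers ?? {})) {
      // Both documented spellings: "drop" as the value, or { action: "drop" }.
      const action = typeof spec === "string" ? spec : spec.action;
      if (action === "drop" && PROTECTIVE_HEADERS.includes(name.toLowerCase())) {
        findings.push(`${where}: drops ${name} sent by the service`);
      }
    }
    const cors = response.cors;
    const mode = cors && typeof cors === "object" ? cors.mode : cors;
    if (mode === "referer") {
      findings.push(`${where}: cors "referer" allows credentialed reads from any Referer origin`);
    }
  });
  return findings;
}
```

Running it over a rewrite file before it is shared or committed keeps development-only relaxations from being copied into a proxy that other machines can reach.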
FAQs
`@thrnd/http-proxy` is a proxy service intended for supporting local development. It allows you to quickly define the rules you need to run and develop your local services and to access remote services properly.
The npm package @thrnd/http-proxy receives a total of 0 weekly downloads. As such, @thrnd/http-proxy popularity was classified as not popular.
We found that @thrnd/http-proxy demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.