
Security News
Django Joins curl in Pushing Back on AI Slop Security Reports
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
Simple and fast (built on top of fastify) proxy to bypass CORS issues during prototyping against existing APIs without having to worry about CORS
Simple and fast (built on top of fastify proxy to bypass CORS issues during prototyping against existing APIs without having to worry about CORS
This module was built to solve the issue of getting errors like this:
... has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
npm install -g corsyusha
# or
yarn global add corsyusha
yarn test:jest # Runs Jest with coverage collection
yarn test:coverage # Sends coverage to .coveralls.io
yarn test # yarn test:jest && yarn test:coverage
Let's imagine API endpoint that we want to request that has CORS issues:
https://licenseapi.herokuapp.com/licenses/mit
Start Proxy:
corsyusha --url https://licenseapi.herokuapp.com
Or:
CORSYUSHA_URL=https://licenseapi.herokuapp.com corsyusha
Or you may pull Docker image and run a container:
docker pull lordotu/corsyusha
docker run -dti \
-e CORSYUSHA_URL=https://licenseapi.herokuapp.com \
-e CORSYUSHA_HOST=0.0.0.0 \
-p 8118:8118 \
--name corsyusha \
lordotu/corsyusha
Then in your client code, new API endpoint:
http://localhost:8118/proxy/licenses/mit
End result will be a request to https://licenseapi.herokuapp.com/licenses/mit
without the CORS issues!
Alternatively you can install the package locally:
npm install corsyusha
# or
yarn add corsyusha
And add a script to your project:
"scripts": {
"proxy": "corsyusha --url https://licenseapi.herokuapp.com"
}
Or:
"scripts": {
"proxy": "CORSYUSHA_URL=https://licenseapi.herokuapp.com corsyusha"
}
You may set params via command line args or via env variables. All defaults are stored in .env
file in the root directory.
Only one argument is required: --url
(or CORSYUSHA_URL
if you prefer env variables).
Option | Shorthand | Example | Default |
---|---|---|---|
--url | -u | https://licenseapi.herokuapp.com | |
--port | -p | 8119 | 8118 |
--host | -h | 0.0.0.0 | localhost |
--urlSection | -s | trhough | proxy |
--serverLogging | -l | true | false |
--headers | {"X-Requested-With": "Corsyusha"} | {} | |
--headers | {"X-Requested-With": "Corsyusha"} | {} | |
--origin | -o | http://127.0.0.1 | * |
--reflectOrigin | -r | true | false |
Option | Example | Default |
---|---|---|
CORSYUSHA_URL | https://licenseapi.herokuapp.com | |
CORSYUSHA_PORT | 8119 | 8118 |
CORSYUSHA_HOST | 0.0.0.0 | localhost |
CORSYUSHA_URL_SECTION | trhough | proxy |
CORSYUSHA_SERVER_LOGGING | true | false |
CORSYUSHA_HEADERS | {"X-Requested-With": "Corsyusha"} | {} |
CORSYUSHA_ORIGIN | http://127.0.0.1 | * |
CORSYUSHA_REFLECT_ORIGIN | true | false |
FAQs
Simple and fast (built on top of fastify) proxy to bypass CORS issues during prototyping against existing APIs without having to worry about CORS
The npm package corsyusha receives a total of 14 weekly downloads. As such, corsyusha popularity was classified as not popular.
We found that corsyusha demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Django has updated its security policies to reject AI-generated vulnerability reports that include fabricated or unverifiable content.
Security News
ECMAScript 2025 introduces Iterator Helpers, Set methods, JSON modules, and more in its latest spec update approved by Ecma in June 2025.
Security News
A new Node.js homepage button linking to paid support for EOL versions has sparked a heated discussion among contributors and the wider community.