├── test ├── mocha.opts └── main.spec.js ├── .browserslistrc ├── .travis.yml ├── postcss.config.js ├── .gitignore ├── .dockerignore ├── Dockerfile ├── main.js ├── .eslintrc.js ├── server ├── express-cleanurl.js ├── middleware │ └── filter-compression.js ├── express-cors.js └── main.js ├── LICENSE.md ├── views ├── css │ └── styles.css └── index.mustache ├── package.json ├── README.md ├── .stylelintrc └── .snyk /test/mocha.opts: -------------------------------------------------------------------------------- 1 | --reporter spec 2 | --ui bdd -------------------------------------------------------------------------------- /.browserslistrc: -------------------------------------------------------------------------------- 1 | # Browsers that we support 2 | 3 | > 1% 4 | Last 2 versions 5 | IE 10 -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | node_js: 3 | - "8" 4 | - "9" 5 | - "node" 6 | -------------------------------------------------------------------------------- /postcss.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | plugins: [ 3 | require("cssnano")({ 4 | preset: "advanced", 5 | }), 6 | ], 7 | }; -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | 3 | todo.md 4 | *.log 5 | 6 | node_modules 7 | coverage 8 | 9 | VERSION* 10 | 11 | build.css 12 | middleware/filter-compression.js -------------------------------------------------------------------------------- /.dockerignore: -------------------------------------------------------------------------------- 1 | .DS_Store 2 | 3 | todo.md 4 | *.log 5 | 6 | node_modules 7 | coverage 8 | 9 | VERSION* 10 | 11 | build.css 12 | filter-compression.js 13 | 14 | yarn.lock 15 | .travis.yml 16 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # use alpine linux with node and yarn and the user "node" 2 | FROM node:alpine 3 | 4 | ENV NPM_CONFIG_LOGLEVEL warn 5 | # ENV NODE_ENV production 6 | 7 | # set the working directory 8 | WORKDIR /app 9 | # copy current ("./") directory into the working directory 10 | ADD . /app 11 | 12 | # install from package.json 13 | RUN yarn 14 | 15 | # classic express port 16 | EXPOSE 3000 17 | 18 | # run the startup script. 19 | # if none is defined, $ yarn start defaults to $ node server.js 20 | CMD [ "yarn", "start" ] 21 | #CMD [ "tail", "-f" ,"/dev/null" ] 22 | 23 | -------------------------------------------------------------------------------- /main.js: -------------------------------------------------------------------------------- 1 | /** 2 | * corsify 3 | * A tiny transparent proxy. The benefit: it adds the CORS-headers! 4 | * Why? It prevents Cross Domain Errors. 5 | * 6 | * @example 7 | * Run $ yarn && yarn start, afterwards go to http://localhost:3000/ 8 | * 9 | * http://localhost:3000/http://google.com 10 | * 11 | * 12 | * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 13 | * @license MIT license: https://opensource.org/licenses/MIT 14 | * 15 | * @author Martin Krause 16 | */ 17 | 18 | // load app 19 | const app = require('./server/main'); 20 | 21 | // export app for supertest 22 | module.exports = app; 23 | 24 | -------------------------------------------------------------------------------- /.eslintrc.js: -------------------------------------------------------------------------------- 1 | 2 | /* eslint-env browser, node */ 3 | /* eslint-env browser */ 4 | /* eslint-env node */ 5 | 6 | /* eslint-env es6 */ 7 | /* eslint-env node, mocha */ 8 | 9 | module.exports = { 10 | "root": true, 11 | "extends": "eslint:recommended", 12 | "parserOptions": { 13 | "ecmaVersion": 7, 14 | "ecmaFeatures": { 15 | "experimentalObjectRestSpread": true 16 | } 17 | }, 18 | "env": { 19 | "node": true, 20 | "es6": true 21 | }, 22 | 23 | "globals": { 24 | 25 | }, 26 | 27 | "rules": { 28 | "no-undef": "off" 29 | } 30 | } 31 | 32 | // sane 33 | // preserve native functionality 34 | // explicit, readable code 35 | // be as verboose as possible 36 | -------------------------------------------------------------------------------- /server/express-cleanurl.js: -------------------------------------------------------------------------------- 1 | /** 2 | * @module server/express-cleanurl 3 | * @description 4 | * A simple express script for cleaning up urls. 5 | * The script ensures that there's no empty response. 6 | * 7 | * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 8 | * @license MIT license: https://opensource.org/licenses/MIT 9 | * 10 | * @author Martin Krause 11 | * 12 | */ 13 | 14 | /** 15 | * Recursive cleaning of the string 16 | * @param {String} string the string to clean 17 | * @returns {String} the cleaned string 18 | */ 19 | const cleanUrl = (string) => { 20 | // if it's only a "/", keep it 21 | if (string.startsWith("/") && string.length > 1) { 22 | string = cleanUrl(string.slice(1)); 23 | return string; 24 | } else { 25 | return string; 26 | } 27 | }; 28 | 29 | module.exports = cleanUrl; -------------------------------------------------------------------------------- /server/middleware/filter-compression.js: -------------------------------------------------------------------------------- 1 | // /** 2 | // * @module express-middleware-cors 3 | // * @description 4 | // * A simple express CORS middleware. 5 | // * Sets the CORS-headers. 6 | // * 7 | // * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 8 | // * @license MIT license: https://opensource.org/licenses/MIT 9 | // * 10 | // * @author Martin Krause 11 | // * 12 | // */ 13 | 14 | // const compression = require("compression"); 15 | 16 | // module.exports = compressionFilter = (req, res) => { 17 | // if (res.getHeader("X-corsify") === "splash") { 18 | // res.setHeader("X-corsify", `${res.getHeader("X-corsify")}, gzip`); 19 | // // console.log("compression > YES for ", req.url) 20 | // // fallback to standard filter function 21 | // return compression.filter(req, res) 22 | // } 23 | // // console.log("compression > NO for ", req.url) 24 | // return false 25 | 26 | // }; -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016, 2017 Martin Krause (http://martinkr.github.io) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /server/express-cors.js: -------------------------------------------------------------------------------- 1 | /** 2 | * @module server/express-cors 3 | * @description 4 | * A express script for setting the CORS headers. 5 | * Sets the CORS-headers. 6 | * 7 | * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 8 | * @license MIT license: https://opensource.org/licenses/MIT 9 | * 10 | * @author Martin Krause 11 | * 12 | */ 13 | 14 | const headers = [ 15 | { 16 | "key": "Access-Control-Allow-Origin", 17 | "value": "*" 18 | }, 19 | { 20 | "key": "Access-Control-Allow-Headers", 21 | "value": "Origin, X-Requested-With, Content-Type, Accept" 22 | } 23 | ]; 24 | 25 | /** 26 | * Returns a curried function for setting request headers. 27 | * @memberof module:server/express-cors 28 | * @param {Array} headers the headers to set 29 | * @returns {Function} a curried function for setting request headers. 30 | */ 31 | const setHeaders = (headers) => (res) => headers.forEach((item) => res.header(item.key, item.value)); 32 | 33 | /** 34 | * The curried function for setting request headers. 35 | * @memberof module:server/express-cors 36 | * @param {Object} the request object to pass down 37 | * @returns {undefined} undefined 38 | */ 39 | const setCORSHeaders = setHeaders(headers); 40 | 41 | 42 | /** 43 | * The api funtion for setting the CORS headers 44 | * @memberof module:server/express-cors 45 | * @param {Object} req the request object 46 | * @param {Object} res the response object 47 | * @param {Function} next the callback for continuing then middleware chain 48 | * @returns {*} undefined 49 | */ 50 | const api = (req, res) => { 51 | // set the headers on the request 52 | setCORSHeaders(res); 53 | return true; 54 | }; 55 | 56 | module.exports = api; -------------------------------------------------------------------------------- /views/css/styles.css: -------------------------------------------------------------------------------- 1 | * { 2 | box-sizing: border-box; 3 | } 4 | 5 | html { 6 | background: rgb(235, 50, 1); 7 | color: rgba(254, 255, 251, 0.97); 8 | font-family: "Open Sans", -apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Helvetica", "Arial", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol"; 9 | font-size: 16px; 10 | line-height: 26px; 11 | } 12 | 13 | body { 14 | display: flex; 15 | align-items: center; 16 | margin-top: 11.375rem; 17 | min-height: 100vh; 18 | font-size: 1rem; 19 | line-height: 1.625rem; 20 | } 21 | 22 | a, 23 | a:link, 24 | a:visited { 25 | color: rgba(254, 255, 251, 0.97); 26 | } 27 | 28 | a:hover, 29 | a:active, 30 | a:focus { 31 | color: rgba(254, 255, 251, 0.75); 32 | } 33 | 34 | 35 | .corsify--container { 36 | max-width: 550px; 37 | padding: 1.625rem; 38 | width: 100%; 39 | } 40 | 41 | 42 | .corsify-animation--intro { 43 | transition: 0.75s ease-out; 44 | } 45 | 46 | .corsify-animation--intro-start { 47 | transform: translate3d( 0, 25px, 0); 48 | opacity: 0 !important; 49 | } 50 | 51 | .corsify-style--transparent { 52 | opacity: 0.5; 53 | } 54 | 55 | .corsify-text--headline { 56 | font-size: 3.75rem; 57 | line-height: 4.875rem; 58 | margin-top: 1.625rem; 59 | margin-bottom: 1.625rem; 60 | font-weight: normal; 61 | letter-spacing: -0.5px; 62 | font-family: "Cabin", sans-serif; 63 | } 64 | 65 | .corsify-text--subline { 66 | margin-bottom: 4.875rem; 67 | letter-spacing: 0; 68 | font-size: 1.5625rem; 69 | line-height: 1.625rem; 70 | margin-top: 1.625rem; 71 | } 72 | 73 | 74 | .corsify-text--subline-target { 75 | opacity: 1; 76 | } 77 | 78 | .corsify-text--minor-headline { 79 | font-size: 1rem; 80 | letter-spacing: 1.5px; 81 | line-height: 1.625rem; 82 | margin-top: 1.625rem; 83 | font-weight: 800; 84 | } 85 | 86 | .corsify-text--copy { 87 | letter-spacing: 0; 88 | margin-bottom: 1.625rem; 89 | margin-top: 0; 90 | } 91 | 92 | .corsify-text--list { 93 | margin-top: 0; 94 | margin-bottom: 1.625rem; 95 | } -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "corsify", 3 | "version": "2.2.0", 4 | "description": "A tiny transparent proxy. The benefit: it adds the CORS-headers! Why? It prevents Cross Domain Errors.", 5 | "main": "./server/main.js", 6 | "scripts": { 7 | "verify": "yarn run lint && yarn run test && echo \"verified $npm_package_name v$npm_package_version\" > ./VERSION.md && cat VERSION.md", 8 | "lint": "./node_modules/.bin/eslint ./server/**/*.js && ./node_modules/.bin/stylelint ./views/css/styles.css", 9 | "build": "./node_modules/.bin/postcss ./views/css/styles.css > ./views/css/build.css", 10 | "prestart": "yarn run verify", 11 | "start": "NPM_CONFIG_PRODUCTION=false; NODE_ENV=production forever -o /dev/null -e /dev/null ./server/main.js", 12 | "dev": "NPM_CONFIG_PRODUCTION=false; NODE_ENV=development ./node_modules/.bin/nodemon -e css,js,mustache ./server/main.js", 13 | "nyc": "./node_modules/.bin/nyc --clean ./node_modules/.bin/mocha --exit", 14 | "report": "./node_modules/.bin/nyc report --reporter=lcov --reporter=html", 15 | "coverage": "./node_modules/.bin/nyc check-coverage --lines 100 --functions 100 --branches 100 --statements 100", 16 | "test": "yarn nyc && yarn report && yarn coverage", 17 | "snyk-protect": "snyk protect", 18 | "prepublish": "yarn run snyk-protect" 19 | }, 20 | "engines": { 21 | "node": ">=8.4.0", 22 | "yarn": "^1.3.0" 23 | }, 24 | "repository": { 25 | "type": "git", 26 | "url": "https://github.com/martinkr/corsify" 27 | }, 28 | "homepage": "https://github.com/martinkr/corsify", 29 | "issues": "https://github.com/martinkr/corsify/issues", 30 | "keywords": [ 31 | "cors", 32 | "proxy", 33 | "express", 34 | "ajax", 35 | "xhr", 36 | "request", 37 | "corsify", 38 | "node" 39 | ], 40 | "author": "Martin Krause (http://martinkr.github.io)", 41 | "license": "MIT", 42 | "dependencies": { 43 | "compression": "^1.7.1", 44 | "express": "^4.16.0", 45 | "forever": "^4.0.3", 46 | "mustache": "^2.3.0", 47 | "mustache-express": "^1.2.5", 48 | "request": "^2.82.0", 49 | "snyk": "^1.316.1" 50 | }, 51 | "devDependencies": { 52 | "nyc": "^15.0.0", 53 | "chai": "^4.1.2", 54 | "cssnano": "^4.0.0", 55 | "cssnano-preset-advanced": "^4.0.0", 56 | "postcss-cli": "^8.0.0", 57 | "nodemon": "^2.0.3", 58 | "mocha": "^7.1.1", 59 | "eslint": "^6.0.0", 60 | "stylelint": "^13.0.0", 61 | "supertest": "^3.0.0" 62 | }, 63 | "snyk": true 64 | } -------------------------------------------------------------------------------- /server/main.js: -------------------------------------------------------------------------------- 1 | /** 2 | * @module server/main 3 | * @description 4 | * corsify 5 | * A tiny transparent proxy. The benefit: it adds the CORS-headers! 6 | * Why? It prevents Cross Domain Errors. 7 | * 8 | * @example 9 | * Run $ yarn && yarn start, afterwards go to http://localhost:3000/ 10 | * 11 | * http://localhost:3000/http://google.com 12 | * 13 | * 14 | * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 15 | * @license MIT license: https://opensource.org/licenses/MIT 16 | * 17 | * @author Martin Krause 18 | */ 19 | 20 | // setup 21 | 22 | // change if you like 23 | // const port = 3000; 24 | // heroku :( 25 | const port = 26 | /* istanbul ignore next */ 27 | process.env.PORT || 28 | /* istanbul ignore next */ 29 | 3000; 30 | 31 | const express = require("express") 32 | const app = express(); 33 | 34 | const request = require("request"); 35 | const mustacheExpress = require("mustache-express"); 36 | 37 | // middleware 38 | const cors = require("./express-cors"); 39 | const cleanurl = require("./express-cleanurl"); 40 | const compression = require("compression"); 41 | // const compressionFilter = require("./middleware/filter-compression"); 42 | 43 | // setup mustache for express 44 | app.engine("mustache", mustacheExpress()); 45 | app.set("view engine", "mustache"); 46 | 47 | // setup gzip compression for all items 48 | app.use(compression({ 49 | // "threshold": 0 50 | // ,"filter": compressionFilter, 51 | })); 52 | 53 | 54 | /** 55 | * Renders the splash page. 56 | * @memberof module:server/main 57 | * @param {object} res response object 58 | * @returns {object} res response object 59 | */ 60 | const renderSplash = ((res) => { 61 | res 62 | .status(200) 63 | // .header("X-corsify", "splash") 64 | .render("index.mustache"); 65 | return res; 66 | }); 67 | 68 | 69 | /** 70 | * Setup the default route for adding the CORS header 71 | * @memberof module:server/main 72 | * @param {object} req request object 73 | * @param {object} res response object 74 | * @return {*} the original request's cotnent 75 | */ 76 | app.use("/", (req, res) => { 77 | 78 | // eslint-disable-next-line no-console 79 | // console.log(`[corsify] ${new Date().toUTCString()} - new request for ${req.url}`); 80 | 81 | // rewrite url 82 | req.url = cleanurl(req.url); 83 | 84 | // set CORS headers 85 | cors(req, res); 86 | 87 | // if (req.url === "supertest") { 88 | // return res.send("ok"); 89 | // } 90 | 91 | // no location 92 | if (!req.url || req.url === "/") { 93 | return renderSplash(res); 94 | } 95 | try { 96 | // try to proxy the request 97 | return req.pipe( request( req.url ) ).pipe(res); 98 | } 99 | catch (error) { 100 | // invalid request 101 | return renderSplash(res); 102 | } 103 | 104 | }); 105 | 106 | 107 | // start server 108 | app.listen(port, () => { 109 | // eslint-disable-next-line no-console 110 | console.log(`[corsify] listening on port ${port} while NODE_ENV is set to ${process.env.NODE_ENV}`); 111 | }); 112 | 113 | // export app for supertest 114 | module.exports = app; -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # corsify [![Build Status](https://travis-ci.org/martinkr/corsify.svg?branch=master)](https://travis-ci.org/martinkr/corsify) 2 | A tiny transparent proxy. The benefit: it adds the CORS-headers! Why? It prevents Cross Domain Errors. 3 | 4 | Try it: [http://corsify.me](http://corsify.me) 5 | - Without CORS-headers: [http://shaky-library.surge.sh](http://shaky-library.surge.sh) 6 | - With CORS-headers aka "corsyfied": [http://localhost:3001/http://shaky-library.surge.sh](http://localhost:3001/http://shaky-library.surge.sh) 7 | 8 | ## CORS-i-fy? What is this all about? 9 | > Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated. [https://en.wikipedia.org/wiki/Cross-origin_resource_sharing](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) 10 | 11 | ## Wait… What?! 12 | Your script from http://rebel-mother.surge.sh makes an AJAX-request to http://shaky-library.surge.sh.
13 | You see the infamous "XMLHttpRequest cannot load http://shaky-library.surge.sh. Origin http://rebel-mother.surge.sh is not allowed by Access-Control-Allow-Origin." error message. 14 | 15 | ## corsify to the rescue! 16 | Change your AJAX-Request from http://shaky-library.surge.sh to http://localhost:3001/http://shaky-library.surge.sh. Et voilá: no more errors. 17 | 18 | ## So simple? 19 | For now: yes. 20 | 21 | 22 | ## Roll our own! 23 | ``` $ git clone https://github.com/martinkr/corsify.git``` the repository and fire up your own local instance with docker or plain node.js. 24 | 25 | ### With the included Dockerfile 26 | Fast and clean. No additional files on your machine. 27 | - Build the image: ```$ docker build -t corsify:latest . ``` 28 | - Start the container: ```$ docker run -p 3001:3000 corsify:latest``` 29 | - Go to: [http://localhost:3001](http://localhost:3001) 30 | 31 | Uses ``` alpine:3.6``` and ```node:8.4.0```. 32 | 33 | 34 | ### Directly on your machine: 35 | Fast and easy, but all those node_modules… 36 | - Install dependencies ```$ npm install``` or ```$ yarn ``` 37 | - Build the files and start server ```$ npm start``` or ```$ yarn start ``` 38 | - Go to: [http://localhost:3000](http://localhost:3000) 39 | 40 | Requires ```nodejs```. Recomended: ```v8.4.0```, but it might work with older versions too. 41 | 42 | # Tech Stack 43 | - ECMAScript 2015 on ```nodejs v8.4.0``` 44 | - Rendering ```Mustache v2.3.0``` templates 45 | - CSS 3 piped through ```postcss-cli v4.1.1``` with ```cssnano v3.10.0``` and ```cssnano-preset-advanced v4.0.0-rc.2```, 46 | - Running on ```express`v4.14.1``` 47 | - With ```forever v0.15.3``` 48 | - And gzip ```compression v1.7.0``` 49 | - 100% code coverage using ```mocha v3.5.2```, ```chai v4.1.2```, ```supertest v3.0.0``` and ``` "nyc 11.2.1"```, 50 | 51 | ## Resources 52 | - [https://enable-cors.org](https://enable-cors.org) 53 | - [https://en.wikipedia.org/wiki/Cross-origin_resource_sharing](https://en.wikipedia.org/wiki/Cross-origin_resource_sharing) 54 | - [https://www.html5rocks.com/en/tutorials/cors](https://www.html5rocks.com/en/tutorials/cors) 55 | 56 | ## License 57 | Licensed under the [MIT license](http://www.opensource.org/licenses/mit-license.php). 58 | 59 | Copyright (c) 2016 - 2021 Martin Krause [http://martinkr.github.io](http://martinkr.github.io) 60 | 61 | -------------------------------------------------------------------------------- /test/main.spec.js: -------------------------------------------------------------------------------- 1 | /** 2 | * specs for corsify 3 | * A tiny transparent proxy. The benefit: it adds the CORS-headers! 4 | * Why? It prevents Cross Domain Errors. 5 | * 6 | * http://localhost:3000/http://google.com 7 | * 8 | * 9 | * @copyright 2016, 2017 Martin Krause (http://martinkr.github.io) 10 | * @license MIT license: https://opensource.org/licenses/MIT 11 | * 12 | * @author Martin Krause 13 | */ 14 | 15 | 16 | const app = require("./../main.js") 17 | const supertest = require("supertest")(app); 18 | 19 | describe('the corsify service', () => { 20 | 21 | describe('sends correct HTTP-Status codes', () => { 22 | 23 | it("should respond with 200 if there's no destination", (done) => { 24 | supertest 25 | .get("/") 26 | .expect(200) 27 | .end(done); 28 | }); 29 | 30 | it("should respond with 200 if there's an invalid destination", (done) => { 31 | supertest 32 | .get("/invalid") 33 | .expect(200) 34 | .end(done); 35 | }); 36 | 37 | }); 38 | 39 | 40 | describe("delivers the correct content", () => { 41 | 42 | it("should serve the splash page if there's no destination", (done) => { 43 | supertest 44 | .get("/") 45 | .expect(/corsify.me<\/title>/) 46 | .expect((res) => { 47 | if (!res.headers['access-control-allow-origin'] || res.headers['access-control-allow-origin'] !== "*") { 48 | throw new Error("access-control-allow-origin not present"); 49 | } 50 | if (!res.headers['access-control-allow-headers'] || res.headers['access-control-allow-headers'] !== "Origin, X-Requested-With, Content-Type, Accept") { 51 | throw new Error("access-control-allow-headers not present"); 52 | } 53 | }) 54 | .end(done); 55 | }); 56 | 57 | it("should serve the splash page if there's an invalid destination", (done) => { 58 | supertest 59 | .get("/invalid") 60 | .expect(/<title>corsify.me<\/title>/) 61 | .expect((res) => { 62 | if (!res.headers['access-control-allow-origin'] || res.headers['access-control-allow-origin'] !== "*") { 63 | throw new Error("access-control-allow-origin not present"); 64 | } 65 | if (!res.headers['access-control-allow-headers'] || res.headers['access-control-allow-headers'] !== "Origin, X-Requested-With, Content-Type, Accept") { 66 | throw new Error("access-control-allow-headers not present"); 67 | } 68 | }) 69 | .end(done); 70 | }); 71 | 72 | it("should serve the proxied content with the CORS header if there's a destination", (done) => { 73 | supertest 74 | .get("/http://shaky-library.surge.sh") 75 | .expect(/shaky-library/) 76 | .expect((res) => { 77 | if (!res.headers['access-control-allow-origin'] || res.headers['access-control-allow-origin'] !== "*") { 78 | throw new Error("access-control-allow-origin not present"); 79 | } 80 | if (!res.headers['access-control-allow-headers'] || res.headers['access-control-allow-headers'] !== "Origin, X-Requested-With, Content-Type, Accept") { 81 | throw new Error("access-control-allow-headers not present"); 82 | } 83 | }) 84 | .end(done); 85 | }).timeout(5000); 86 | 87 | }); 88 | 89 | describe('is performant', () => { 90 | 91 | it("should use GZIP for all requests", (done) => { 92 | supertest 93 | .get("/") 94 | .set("Accept-Encoding", "gzip, deflate, br") 95 | .expect("content-encoding", "gzip") 96 | .end(done); 97 | }); 98 | }); 99 | 100 | }); -------------------------------------------------------------------------------- /.stylelintrc: -------------------------------------------------------------------------------- 1 | { 2 | "rules": { 3 | "color-hex-case": "lower", 4 | 5 | "color-named": "never", 6 | 7 | "color-no-invalid-hex": true, 8 | 9 | 10 | "font-family-name-quotes": "always-unless-keyword", 11 | 12 | "font-family-no-duplicate-names": true, 13 | 14 | 15 | "function-max-empty-lines": 0, 16 | 17 | "function-name-case": "lower", 18 | 19 | "function-url-quotes": "always", 20 | 21 | "function-whitespace-after": "always", 22 | 23 | 24 | 25 | "number-leading-zero": "always", 26 | 27 | 28 | 29 | "string-no-newline": true, 30 | 31 | "string-quotes": "double", 32 | 33 | 34 | 35 | "length-zero-no-unit": true, 36 | 37 | 38 | 39 | "unit-case": "lower", 40 | 41 | "unit-no-unknown": true, 42 | 43 | 44 | 45 | "value-list-max-empty-lines": 0, 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | "shorthand-property-no-redundant-values": true, 54 | 55 | 56 | 57 | "property-case": "lower", 58 | 59 | "property-no-unknown": true, 60 | 61 | "property-no-vendor-prefix": true, 62 | 63 | 64 | 65 | "declaration-bang-space-before": "always", 66 | 67 | "declaration-bang-space-after": "never", 68 | 69 | "declaration-colon-space-after": "always", 70 | 71 | "declaration-colon-space-before": "never", 72 | 73 | "declaration-empty-line-before": "never", 74 | 75 | 76 | 77 | "declaration-block-no-duplicate-properties": true, 78 | 79 | 80 | 81 | "declaration-block-no-redundant-longhand-properties": true, 82 | 83 | "declaration-block-semicolon-newline-after": "always", 84 | 85 | "declaration-block-trailing-semicolon": "always", 86 | 87 | 88 | 89 | "block-closing-brace-empty-line-before": "never", 90 | 91 | "block-opening-brace-newline-after": "always", 92 | 93 | "block-closing-brace-newline-after": "always", 94 | 95 | "block-closing-brace-newline-before": "always", 96 | 97 | "block-no-empty": true, 98 | 99 | 100 | 101 | 102 | 103 | "selector-combinator-space-after": "always", 104 | 105 | "selector-combinator-space-before": "always", 106 | 107 | "selector-descendant-combinator-no-non-space": true, 108 | 109 | "selector-max-compound-selectors": [4, { 110 | "severity": "warning" 111 | }], 112 | 113 | "selector-max-specificity": ["0,4,4", { 114 | "severity": "warning" 115 | }], 116 | 117 | 118 | "selector-no-qualifying-type": true, 119 | 120 | 121 | 122 | 123 | 124 | "selector-no-vendor-prefix": true, 125 | 126 | "selector-pseudo-class-case": "lower", 127 | 128 | "selector-pseudo-class-no-unknown": true, 129 | 130 | "selector-pseudo-element-case": "lower", 131 | 132 | "selector-pseudo-element-no-unknown": true, 133 | 134 | "selector-pseudo-element-colon-notation": "double", 135 | 136 | 137 | 138 | "selector-type-case": "lower", 139 | 140 | "selector-type-no-unknown": true, 141 | 142 | "selector-max-empty-lines": 0, 143 | 144 | 145 | 146 | "selector-list-comma-newline-after": "always", 147 | 148 | "selector-list-comma-space-before": "never", 149 | 150 | 151 | 152 | 153 | 154 | 155 | 156 | "media-feature-name-case": "lower", 157 | 158 | "media-feature-name-no-unknown": true, 159 | 160 | "media-feature-name-no-vendor-prefix": true, 161 | 162 | 163 | 164 | "media-feature-range-operator-space-after": "always", 165 | 166 | "media-feature-range-operator-space-before": "always", 167 | 168 | 169 | 170 | "at-rule-name-case": "lower", 171 | 172 | "at-rule-name-space-after": "always", 173 | 174 | "at-rule-no-unknown": [true, { 175 | "ignoreAtRules": ["/^custom-/"] 176 | }], 177 | 178 | "at-rule-no-vendor-prefix": true, 179 | 180 | "at-rule-semicolon-newline-after": "always", 181 | 182 | 183 | 184 | 185 | 186 | 187 | 188 | "comment-no-empty": true, 189 | 190 | "comment-whitespace-inside": null, 191 | 192 | 193 | 194 | "indentation": "tab", 195 | 196 | "max-nesting-depth": 3, 197 | 198 | "no-descending-specificity": true, 199 | 200 | "no-duplicate-selectors": true, 201 | 202 | "no-extra-semicolons": true, 203 | 204 | "no-invalid-double-slash-comments": true, 205 | 206 | "no-unknown-animations": true 207 | 208 | } 209 | 210 | 211 | } -------------------------------------------------------------------------------- /.snyk: -------------------------------------------------------------------------------- 1 | # Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities. 2 | version: v1.14.1 3 | ignore: {} 4 | # patches apply the minimum changes required to fix a vulnerability 5 | patch: 6 | SNYK-JS-LODASH-450202: 7 | - stylelint > postcss-jsx > @babel/core > lodash: 8 | patched: '2019-07-03T21:21:18.050Z' 9 | - stylelint > lodash: 10 | patched: '2019-07-03T21:21:18.050Z' 11 | - eslint > inquirer > lodash: 12 | patched: '2019-07-03T21:21:18.050Z' 13 | - mustache-express > async > lodash: 14 | patched: '2019-07-03T21:21:18.050Z' 15 | - stylelint > table > lodash: 16 | patched: '2019-07-03T21:21:18.050Z' 17 | - stylelint > postcss-reporter > lodash: 18 | patched: '2019-07-03T21:21:18.050Z' 19 | - postcss-cli > postcss-reporter > lodash: 20 | patched: '2019-07-03T21:21:18.050Z' 21 | - eslint > table > lodash: 22 | patched: '2019-07-03T21:21:18.050Z' 23 | - nyc > istanbul-lib-instrument > @babel/traverse > lodash: 24 | patched: '2019-07-03T21:21:18.050Z' 25 | - eslint > lodash: 26 | patched: '2019-07-03T21:21:18.050Z' 27 | - stylelint > postcss-jsx > @babel/core > @babel/types > lodash: 28 | patched: '2019-07-03T21:21:18.050Z' 29 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/types > lodash: 30 | patched: '2019-07-03T21:21:18.050Z' 31 | - stylelint > postcss-jsx > @babel/core > @babel/template > @babel/types > lodash: 32 | patched: '2019-07-03T21:21:18.050Z' 33 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/helper-function-name > @babel/types > lodash: 34 | patched: '2019-07-03T21:21:18.050Z' 35 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: 36 | patched: '2019-07-03T21:21:18.050Z' 37 | - stylelint > postcss-jsx > @babel/core > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: 38 | patched: '2019-07-03T21:21:18.050Z' 39 | - stylelint > postcss-jsx > @babel/core > @babel/traverse > @babel/helper-function-name > @babel/template > @babel/types > lodash: 40 | patched: '2019-07-03T21:21:18.050Z' 41 | - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: 42 | patched: '2019-07-03T21:21:18.050Z' 43 | SNYK-JS-LODASH-567746: 44 | - eslint > lodash: 45 | patched: '2020-04-30T21:26:52.342Z' 46 | - stylelint > lodash: 47 | patched: '2020-04-30T21:26:52.342Z' 48 | - eslint > inquirer > lodash: 49 | patched: '2020-04-30T21:26:52.342Z' 50 | - eslint > table > lodash: 51 | patched: '2020-04-30T21:26:52.342Z' 52 | - postcss-cli > postcss-reporter > lodash: 53 | patched: '2020-04-30T21:26:52.342Z' 54 | - stylelint > postcss-reporter > lodash: 55 | patched: '2020-04-30T21:26:52.342Z' 56 | - stylelint > table > lodash: 57 | patched: '2020-04-30T21:26:52.342Z' 58 | - nyc > istanbul-lib-instrument > @babel/traverse > lodash: 59 | patched: '2020-04-30T21:26:52.342Z' 60 | - stylelint > postcss-jsx > @babel/core > lodash: 61 | patched: '2020-04-30T21:26:52.342Z' 62 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/generator > lodash: 63 | patched: '2020-04-30T21:26:52.342Z' 64 | - stylelint > postcss-jsx > @babel/core > @babel/helper-module-transforms > lodash: 65 | patched: '2020-04-30T21:26:52.342Z' 66 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: 67 | patched: '2020-04-30T21:26:52.342Z' 68 | - stylelint > postcss-jsx > @babel/core > @babel/helpers > @babel/traverse > lodash: 69 | patched: '2020-04-30T21:26:52.342Z' 70 | - stylelint > postcss-jsx > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > lodash: 71 | patched: '2020-04-30T21:26:52.342Z' 72 | - nyc > istanbul-lib-instrument > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: 73 | patched: '2020-04-30T21:26:52.342Z' 74 | - stylelint > postcss-jsx > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/generator > lodash: 75 | patched: '2020-04-30T21:26:52.342Z' 76 | - stylelint > postcss-jsx > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-split-export-declaration > @babel/types > lodash: 77 | patched: '2020-04-30T21:26:52.342Z' 78 | - stylelint > postcss-jsx > @babel/core > @babel/helper-module-transforms > @babel/helper-replace-supers > @babel/traverse > @babel/helper-function-name > @babel/helper-get-function-arity > @babel/types > lodash: 79 | patched: '2020-04-30T21:26:52.342Z' 80 | -------------------------------------------------------------------------------- /views/index.mustache: -------------------------------------------------------------------------------- 1 | <!DOCTYPE html> 2 | <html lang="en"> 3 | <head> 4 | <meta charset="UTF-8"> 5 | <meta content="width=device-width, initial-scale=1.0" name="viewport"> 6 | <meta content="ie=edge" http-equiv="X-UA-Compatible"> 7 | <title>corsify/{me} 8 | 9 | 12 | 13 | 14 | Fork me on GitHub 15 |
16 |

corsify/{me}

17 | 18 |

CORS-i-fy? What is this all about?

19 |
Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources (e.g. fonts) on a web page to be requested from another domain outside the domain from which the resource originated.
20 |

Wait… What?!

21 |

Your script from http://rebel-mother.surge.sh makes an AJAX-request to http://shaky-library.surge.sh.
Instead of the response, your see the infamous "XMLHttpRequest cannot load http://shaky-library.surge.sh. Origin http://rebel-mother.surge.sh is not allowed by Access-Control-Allow-Origin." error message.

22 |

corsify to the rescue!

23 |

Change your AJAX-Request from http://shaky-library.surge.sh to http://{localhost:3001}/http://shaky-library.surge.sh.
Et voilá: no more errors.

24 |

So simple?

25 |

For now: yes.

26 |

Roll our own!

27 |

Take the code from github and fire up your own local instance with Docker or plain node.js.

28 |

Resources

29 | 34 |
35 | 38 | 39 | --------------------------------------------------------------------------------