How to use Cors anywhere to reverse proxy and add CORS headers

Question

I've been reading for two hours the documentation of this Reverse proxy to add CORS headers, and I'm not able to use. Can you please help with a simple example how to use that.

CORS-ANYWHERE

I've tried that example in a javascript

(function() {
var cors_api_host = 'cors-anywhere.herokuapp.com';
var cors_api_url = 'https://' + cors_api_host + '/';
var slice = [].slice;
var origin = window.location.protocol + '//' + window.location.host;
var open = XMLHttpRequest.prototype.open;
XMLHttpRequest.prototype.open = function() {
    var args = slice.call(arguments);
    var targetOrigin = /^https?:\/\/([^\/]+)/i.exec(args[1]);
    if (targetOrigin && targetOrigin[0].toLowerCase() !== origin &&
        targetOrigin[1] !== cors_api_host) {
        args[1] = cors_api_url + args[1];
    }
    return open.apply(this, args);
};
})();

I don't understand really if I need node.js or what exactly

Create a script that contains the example in the readme and run `node path/to/script.js`. Then on your page, you simply make a request to that server. — Felix Kling, Apr 16 '15 at 09:37
This is the client side demo linked from the readme: https://github.com/Rob--W/cors-anywhere/blob/master/demo.html — Felix Kling, Apr 16 '15 at 09:43
The example is quite hard to understand with Get and Post methods, I just want to apply CORS-ANYWHERE for a simple URL — Stranger B., Apr 16 '15 at 09:54

score 59 · Answer 1 · answered Aug 23 '15 at 13:15

59

CORS Anywhere helps with accessing data from other websites that is normally forbidden by the same origin policy of web browsers. This is done by proxying requests to these sites via a server (written in Node.js, in this case).

"To use the API, just prefix the URL with the API URL.". That's really all of it. So, instead of requesting http://example.com, you will request https://cors-anywhere.herokuapp.com/http://example.com. CORS Anywhere will then make the request on behalf of your application, and add CORS headers to the response so that your web application can process the response.

The snippet from your question automatically modifies the URL for requests generated by XMLHttpRequest if needed. This snippet is not required, you can just prepend the CORS Anywhere API URL yourself, as done in the demo page.

The repository on Github (https://github.com/Rob--W/cors-anywhere) contains the source code of the server that powers CORS Anywhere. If you are a front-end dev, then that's all you need to know. If your application has many users, then you should host CORS Anywhere yourself, to avoid eating up all resources on the public CORS Anywhere server.

answered Aug 23 '15 at 13:15

Rob W

341,306
83
791
678

1

This seems outdated now. I get this error: "Missing required request header. Must specify one of: origin,x-requested-with". And indeed, instructions at https://cors-anywhere.herokuapp.com said I'd need to modify headers. – Ryan Mar 14 '19 at 18:21
3

@Ryan This is not outdated. The Origin header is automatically added by web browsers for cross-origin requests. If you use a special environment (e.g. a browser extension with permissions to access external websites), then you might not need an external CORS proxy at all. The server-side check exists to conserve resources and discourage unnecessary use of proxies. If for some reason the Origin header isn't automatically added but you do need to use the proxy, set the `X-Requested-With` request header. For more details, see https://github.com/Rob--W/cors-anywhere/pull/145#issuecomment-450528241 – Rob W Mar 15 '19 at 12:32
@Ryan I tried in chrome console for youtube url it doesn't work https://stackoverflow.com/questions/62006628/why-cors-anywhere-herokuapp-com-doesnt-work-with-youtube – user310291 May 25 '20 at 16:29
2

@Ryan I solved this using `setRequestHeader('Content-Type', 'application/x-www-form-urlencoded')`. (The demo in [https://robwu.nl/cors-anywhere](https://robwu.nl/cors-anywhere.html) uses this line.) – Bamdad Jul 13 '20 at 07:26
3

CORS Anywhere is unfortunately no longer a solution. It had to stop service due to abuse: https://github.com/Rob--W/cors-anywhere/issues/301 – CGutz Feb 02 '21 at 18:43

score 37 · Answer 2 · answered Dec 14 '16 at 07:51

37

I defer to Rob, but here is my attempt at an answer to your question.

(Rob, please feel free to correct this answer; and thank you for CORS Anywhere. It recently saved me a heap of trouble.)

Install Node.js.
Install CORS Anywhere.

For example, at a command prompt, enter:

npm install cors-anywhere

(This example command installs CORS Anywhere under the current directory, in node_modules\cors-anywhere.)
Run CORS Anywhere.

For example, at a command prompt, enter:

node cors-anywhere.js

CORS Anywhere responds with a message like this:

Running CORS Anywhere on 127.0.0.1:8080

(The IP address 127.0.0.1 is localhost; your computer.)

You can specify the port in an environment variable, but I chose to edit the value in my local copy of cors-anywhere.js.

Now, suppose you want to use a non-CORS-enabled web service at the following URL:

http://remote.server.com:8085/service

Instead of using that original URL, you use the CORS Anywhere domain and port, followed by the original URL as the path component:

http://localhost:8080/remote.server.com:8085/service

(You can omit the leading http:// from the original URL.)

answered Dec 14 '16 at 07:51

Graham Hannington

1,749
16
18

3

Thanks Graham for your answer. Just wanted to update your point 3 which i had to update. 3. Run CORS Anywhere. Go to your node installed directory and type `C:\cors-anywhere\node_modules\cors-anywhere\lib>npm run start` – user2745777 Oct 08 '18 at 20:31
better change C:\cors-anywhere\node_modules\cors-anywhere\server.js and run node server.js – Enrique Jiménez Flores Mar 09 '19 at 17:51
Just FYI, When I omit http on my API URL, it didn't work. It gave me "GET http://localhost:8085/localhost:8080/rest/api/2/issue/createmeta 404 (Invalid host)" But it did work when I hit this, "http://localhost:8085/http://localhost:8080/rest/api/2/issue/createmeta" – Dravidian Mar 28 '20 at 23:40
Thanks @Graham. if anyone is using this for a specific project, install library to the project and add this line to package.json scripts, `"cors": "node node_modules/cors-anywhere/server.js"`. Then execute `npm run cors` command – ViduraPrasangana Apr 27 '23 at 10:18

score 5 · Answer 3 · answered Oct 14 '21 at 14:20

[I realize that the corsanywhere I am using is different from yours. I am using this one without the hyphen, corsanywhere and not cors-anywhere. So you can try this one if you like as it seems to still be working fine:

https://corsanywhere.herokuapp.com/https://api.yelp.com/v3/businesses/search?term=pizza&location=$dallas&sort_by=rating Edit: Seems like this (without hyphen) may not be the official version so use it with caution.]1

How to use Cors anywhere to reverse proxy and add CORS headers

3 Answers3

Linked