0

My first attempt was to make a reverse proxy in Express which would allow me to request to localhost:3000/request and have it forward to somesite.com/request.

My code was:

var request = require('request');
app.get('/', function(req,res) {
    var newurl = 'http://google.com/';
    request(newurl).pipe(res);
});

This issue with this, is it changes the IP address of the request, to my server's IP.

My next attempt was JSONP, even though this is an HTML webpage, not a JSON file.

var tag = document.createElement("script");
tag.src = 'http://example.com/search?q=test';

document.getElementsByTagName("head")[0].appendChild(tag);

The error for that was: Uncaught SyntaxError: Unexpected token <

User
  • 23,729
  • 38
  • 124
  • 207
  • Yes, if you make a request to another server from your server, then of course, the IP address of the request to the other server is from your server. What else would you expect? A request from A to B will show it is from the IP address of A. – jfriend00 Mar 17 '17 at 06:10
  • In fact if the traffic is going to come back to your Express server, then by definition the IP address that the request comes from has to be your Express server so that the data can be sent back to that IP address of your Express server. – jfriend00 Mar 17 '17 at 06:19
  • @jfriend00 I was hoping to pass the incoming IP address to my web server. I thought I had to pass custom headers like CloudFlare does. https://easyengine.io/tutorials/nginx/forwarding-visitors-real-ip/ – User Mar 17 '17 at 06:34
  • A proxy can announce to the server that is is forwarding the request to that it is proxying the request and it can place the original IP address into some headers so the receiving server can see the original IP address (if it chooses to look there). There are a whole set of rules for how to properly proxy a connection. I'd suggest you get one of the pre-built modules that run in node.js that already does this for you or you can read various specs and articles and learn how to do it yourself. This will only matter if the receiving server actually looks for the proxy-specifc headers. – jfriend00 Mar 17 '17 at 06:38
  • It is really not clear what problem you are trying to solve or what exactly you want help with. The IP address of the proxied request has to be from your server, not from the original server or else the response cannot come back to your server. – jfriend00 Mar 17 '17 at 06:41
  • @jfriend00 The problem is trying to get around CORS to make a request to another domain, while using my visitor's IP address, so I can show them results from other sites, on their behalf. I don't want to spam with my servers IP address when I'm serving content on behalf of others, if that makes sense. If you have a link to a module that works, please add that as your answer. – User Mar 17 '17 at 06:52
  • Why don't you edit your question to explain the real problem. People here can help you a lot better if you describe the actual problem you're trying to solve rather than issues you're having with your current attempted solution. Only when you do that can we tell you about solutions you aren't even aware of yet. And, FYI, that should always be your approach here. It's perfectly fine to show your attempted solution and the problems with it, but ONLY in the context of the overall real problem you're trying to solve. – jfriend00 Mar 17 '17 at 07:06
  • @jfriend00 Done. I added 2 of my attempts. – User Mar 17 '17 at 07:11

1 Answers1

1

You can certainly get around CORS with a server-side proxy. You can use a pre-built module like node-http-proxy to do that and to handle most of the implementation for you.

However, the target destination site will see the request coming from the IP address of your proxy server and you cannot change that.

A proper proxy will insert headers into the original HTTP request that contains the original browser's IP address and the receiving server could look at those additional headers if it chose to. But, if it only looks at the IP address that the request actually comes from, then it will see the IP address of your proxy server and you can't change that. For data to flow from your proxy to the target destination server and then the request to come back through your proxy and back to the original browser, there will necessarily be a TCP connection between your server and the target destination and the source IP address has to be your server (that's the only way the data can flow back to your server so you can then forward it back to the browser).

As for JSONP, JSONP requires cooperative support from the target server (the requested data has to be sent back in a piece of Javascript that when run will call the desired callback function). If that server doesn't explicitly support JSONP, then you can't use it.

jfriend00
  • 683,504
  • 96
  • 985
  • 979
  • Could I create a Flash app or something similar to request permission to run and make the offsite requests? – User Mar 17 '17 at 08:20
  • 1
    @User - The target site (the one you want to make requests to) would have to open itself to cross origin flash requests by hosting an appropriate crossdomain.xml file on the target site. Some details [here](http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html) and [here](http://stackoverflow.com/questions/213251/can-someone-post-a-well-formed-crossdomain-xml-sample). – jfriend00 Mar 17 '17 at 08:52
  • Is there another type of application I could embed on the site to make it crawl? Java applet? – User Mar 17 '17 at 15:24
  • @User - No. Not that will automatically work for users who just come to your website in a browser. Anything else would require the user to install something first (such as a browser add-on). The browser is not intended to be able to do cross origin requests to non-cooperating sites from regular web pages. There are good security reasons why that is now prohibited. – jfriend00 Mar 17 '17 at 16:32