/php-cross-domain-proxy

PHP Proxy for Cross Domain Requests

Primary LanguagePHPGNU General Public License v3.0GPL-3.0

PHP CORS Proxy

Latest Version on Packagist Total Downloads

Formerly known as "PHP Cross Domain (AJAX) Proxy"

PHP CORS Proxy is a simple php script that allows cross domain requests. It can be used to access resources from third party websites when it's not possible to enable CORS on target website i.e. when you don't own that website.

Note: Please check whether this solution is indeed necessary by having a look on how you can enable CORS on your server.

Overview

Features

  • Acts as a reverse proxy: request headers and data are propagated from proxy to server. Similarly, response headers and data are propagated from proxy to client.
  • Provides support for all methods GET, POST, PUT, DELETE.
  • Provides also support for HTTPS.
  • Requests can be filtered against a list of trusted domains or URLs.
  • External configuration (Work in progress)
  • Error handling i.e. when server is not available (Work in progress)
  • Debugging mode (Work in progress)

Requirements

PHP Cors Proxy works with PHP 5.3+ or above.

Author

License

PHP CORS Proxy is licensed under GPL-3.0. See LICENCE.txt file for further details.

Installation

Using composer

composer require softius/cors-proxy

Manual installation

The proxy is indentionally limited to a single file. All you have to do is to place proxy.php under the public folder of your application.

Configuration

For security reasons don't forget to define all the trusted domains / URLs into top section of proxy.php file:

$valid_requests = array(
    'http://www.domainA.com/',
    'http://www.domainB.com/path-to-services/service-a'
);

Note: There is currently ongoing work to allow configuration outside the proxy.php

Usage

It is possible to initiate a cross domain request either by providing the X-Proxy-URL header or by passing a special GET parameter. The former method is strongly suggested since it doesn't modify the request query. Also, the request looks more clear and easier to understand.

Using headers

It is possible to specify the target URL by using the X-Proxy-URL header, which might be easier to set with your JavaScript library. For example, if you wanted to automatically use the proxy for external URL targets, for GET and POST requests:

$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
    if (options.url.match(/^https?:/)) {
        options.headers['X-Proxy-URL'] = options.url;
        options.url = '/proxy.php';
    }
});

The following example uses curl

curl -v -H "X-Proxy-URL: http://cross-domain.com" http://yourdomain.com/proxy.php

Using query

In order to make a cross domain request, just make a request to http://www.yourdomain.com/proxy.php and specify the target URL by using the csurl (GET) parameter. Obviously, you can add more parameters according to your needs; note that the rest of the parameters will be used in the cross domain request. For instance, if you are using jQuery:

$('#target').load(
    'http://www.yourdomain.com/proxy.php', {
        csurl: 'http://www.cross-domain.com/',
        param1: value1,
        param2: value2
    }
);

The following example uses curl

curl -v "http://yourdomain.com/proxy.php?csurl=http://www.cross-domain.com/&param1=value1&param2=value2"