PSA: Public demo server (cors-anywhere.herokuapp.com) will be very limited by January 2021, 31st
Rob--W opened this issue ยท 94 comments
The demo server of CORS Anywhere (cors-anywhere.herokuapp.com) is meant to be a demo of this project. But abuse has become so common that the platform where the demo is hosted (Heroku) has asked me to shut down the server, despite efforts to counter the abuse (rate limits in #45 and #164, and blocking other forms of requests). Downtime becomes increasingly frequent (e.g. recently #300, #299, #295, #294, #287) due to abuse and its popularity.
To counter this, I will make the following changes:
- The rate limit will decrease from 200 (#164) per hour to 50 per hour.
- By January 31st, 2021, cors-anywhere.herokuapp.com will stop serving as an open proxy.
- From February 1st. 2021, cors-anywhere.herokuapp.com will only serve requests after the visitor has completed a challenge: The user (developer) must visit a page at cors-anywhere.herokuapp.com to temporarily unlock the demo for their browser. This allows developers to try out the functionality, to help with deciding on self-hosting or looking for alternatives.
What should current users of CORS Anywhere do in response to this announcement?
If possible, try to avoid the need for a proxy at all. CORS Anywhere works by combining proxy functionality with CORS. You may not need proxy functionality, if the web service that you are trying to access already supports CORS. This is the preferred solution because it is faster and more reliable. For development, you can also consider the use of browser extensions that automatically enables CORS for certain websites.
If your use of CORS Anywhere is infrequent, then the exception from step 3 above will allow you to continue as before. The only difference is that you need to explicitly opt in before access is temporarily allowed. If you'd like to not have these restrictions, then you should self-host CORS Anywhere.
For an example of self-hosting, see https://github.com/Rob--W/cors-anywhere#demo-server . There are also many questions and answers about hosting on the issue tracker here (https://github.com/Rob--W/cors-anywhere/issues). If you have questions, please search for existing issues first before opening a new issue.
As announced, the public demo has been restricted. If you are developing a new web application and want to try out CORS Anywhere, visit https://cors-anywhere.herokuapp.com/ and click on the "Request temporary access to the demo server" button, to temporarily restore the full functionality of CORS Anywhere for your client only.
i have message "You currently have temporary access to the demo server." but still not working
@rizkhal Please file a new issue if you encounter what you think is a bug, and include details / reproduction steps.
@rizkhal Please file a new issue if you encounter what you think is a bug, and include details / reproduction steps.
Same issue. I go to /corsdemo and click on the button, then I try to make any request and still get a 403 forbidden.
@rizkhal Please file a new issue if you encounter what you think is a bug, and include details / reproduction steps.
Same issue. I go to
/corsdemoand click on the button, then I try to make any request and still get a 403 forbidden.
Again: please file an issue with exact reproduction steps. 403 can also be the result of something else (e.g. it being the real reply). I cannot resolve the issue unless you share the steps/URL/code/commands to reproduce the issue.
You currently have temporary access to the demo server., but not wirking
I have just published an update to the demo server to improve the detection of a "client". Previously, Heroku routers were mistakenly identified as the "client", with the fix the actual clients are identified instead.
Thanks for the PSA, was wondering why I was getting errors lol. This service was super useful to me and I am able to run it locally for a personal project. Am experimenting with hosting it on my own server. Appreciate your work on this project!!
Hi Rob. Yesterday I requested temporary access via the button located at '/corsdemo'. This got my app working again, though today I had to go through the process again.
Is frequently re-requesting access the intended behaviour? For development purposes this is not an issue, but in production a user couldn't be expected to do this of course. I'm just using the app as a portfolio project by the way, with very little traffic.
So what should I do to host cors-anywhere on my server? Documentation is very far from being clear.
Which folder structure should I create on my server?
Which files from the .zip I downloaded from github should I copy to the server?
Which address should I call from my script rather than "https://cors-anywhere.herokuapp.com" before the resource I need?
Which files should I edit to apply my own restriction?
Which kind of hosting service do I need? Shoud the server have any specific requirement, or will any hosting service work?
What can I do to use this in production? Is it just me to publish this project and use the url in front of my api?
Hi Rob. Yesterday I requested temporary access via the button located at '/corsdemo'. This got my app working again, though today I had to go through the process again.
Is frequently re-requesting access the intended behaviour?
This is intended. The announcement here and the page where you request access very clearly states that access is temporary. The public demo is identical to the source code in this repository, except with additional routing logic in front to verify that access is permitted. The access is regularly revoked (currently 1-2 times per day, sometimes more if the server is overloaded).
For development purposes this is not an issue, but in production a user couldn't be expected to do this of course. I'm just using the app as a portfolio project by the way, with very little traffic.
Previously, the demo server was open to everyone by default. Due to the abuse, the service was often slow or unavailable, which made it a bad service to rely on for portfolio sites. I have once received a request from a student to help them with recovering their grade after their application failed when the public demo was unavailable. These kinds of scenarios can only be avoided by very clearly making the demo opt-in.
For prototyping purposes (e.g. a demo project or an example on a portfolio), you could link to the /corsdemo page and ask visitors to click on the button, once, to opt in.
So what should I do to host cors-anywhere on my server? Documentation is very far from being clear.
This project is a library that can be used to create a CORS proxy server. The project ships with a sample, server.js that uses the library with some default values. The top comment at this page links to "Demo server" in the README, which shows an example of starting the server (or even hosting it on Heroku). There are issues (questions & answers) on this issue tracker about hosting on other platforms.
I occasionally see people forking the project and removing requireHeaders+Origin, or allowing credentials (e.g. cookies). Do not commit the mistake of doing that, it is insecure. I have previously shared some comments about security at #152
Which folder structure should I create on my server?
Which files from the .zip I downloaded from github should I copy to the server?
The relevant files are referenced at
Lines 23 to 29 in 528ad71
If you don't care about the unit tests, then
lib/ and server.js can be copied.It may be easier to clone the repository and occasionally fetch new changes. The public demo runs off a fork of the master branch of this repository.
Which address should I call from my script rather than "https://cors-anywhere.herokuapp.com" before the resource I need?
The server address (scheme + host name + port) on which the CORS Anywhere proxy is running.
Which files should I edit to apply my own restriction?
See the "Demo server" documentation, or edit server.js to have custom logic if the sample doesn't fit your needs.
Which kind of hosting service do I need? Shoud the server have any specific requirement, or will any hosting service work?
The hosting platform needs to be able to run Node.js.
What can I do to use this in production? Is it just me to publish this project and use the url in front of my api?
If you want to operate an open proxy, then yes. If you want to apply restrictions, see my other remarks in this comment.
Thanks for getting back to me. I'll give self hosting a go and and if I can't manage it just redirect to the corsdemo page as you suggest.
Thanks for the hard work you have put in this, really remarkable job, I've mounted now a self-hosting instance, but really appreciated your openness before the headsup to close the service! much <3
Hey Rob, thank you very much for all your documentation and updates. I was using cors-anywhere in my fetch api directing towards the Yelp Fusion API, and querying results into a personal project app on my portfolio. I'm doing everything strictly on the Front End (don't know how to do this on the backend yet), is there any other options you could recommend to solve this issue around the No 'Access-Control-Allow-Origin' header? Thanks again
I was using cors-anywhere in my fetch api directing towards the Yelp Fusion API, and querying results into a personal project app on my portfolio. I'm doing everything strictly on the Front End (don't know how to do this on the backend yet), is there any other options you could recommend to solve this issue around the No 'Access-Control-Allow-Origin' header?
The best solution is to ask your API service provider to support CORS. There appears to be a pending feature request, without recent activity though: Yelp/yelp-fusion#64
If that is not an option, then you have to make the request from a backend, either by building that backend yourself, or by self-hosting CORS Anywhere. The first comment here refers to the README for deploying CORS Anywhere to Heroku, and there are other issues on this issue tracker with instructions for other platforms.
PS. To everyone who is considering to post a new comment here - Please file a new issue if you have questions that are unrelated to the announcement here. This issue should only be used for comments related to the announcement.
I have found a useful replacement
https://cors.bridged.cc/
See detail
Hi guys any idea what we can use beside the above
Thanks
@Corey-Wademan
If you're still looking for a solution to this problem, you can follow the steps in this readme.
Hello i used this solution on dynamics crm 365 ,for this issue any update for the managed solution ? thanks
Hi there,
I see some of you are looking for a replacement to cors-anywhere.
Don't waste your time searching for a better tool: just deploy your own instance to Heroku (free dyno).
It takes 5 minutes. 10 minutes if you need to create a Heroku account ๐
Hi there,
I see some of you are looking for a replacement to cors-anywhere.
Don't waste your time searching for a better tool: just deploy your own instance to Heroku (free dyno).
It takes 5 minutes. 10 minutes if you need to create a Heroku account
It can work,but not good.
They will stop your app when nobody visit your app for a while.Then the next visit will be very slow
thanks for your service
Well, you just broke the internet ๐
Hey, I have forked the project and hosted it on heroku. but it's giving me a 403 status code. I hav read (red) the documentation. Did a few changes but it's not working, please help....
By the way, thank you for this project!!!!
@LincCodes The only way to get 403 on a clean fork of CORS Anywhere is when you've configured restrictions for what origins are allowed access (e.g. via the CORSANYWHERE_BLACKLIST or CORSANYWHERE_WHITELIST environment variables, if you use the server.js from the project). Make sure to use the correct syntax; if you need a refresher on what an Origin is, see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#definition_of_an_origin
@LincCodes The only way to get 403 on a clean fork of CORS Anywhere is when you've configured restrictions for what origins are allowed access (e.g. via the
CORSANYWHERE_BLACKLISTorCORSANYWHERE_WHITELISTenvironment variables, if you use the server.js from the project). Make sure to use the correct syntax; if you need a refresher on what an Origin is, see https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#definition_of_an_origin
Hey Rob, I am trying to understand this but I am not that familiar with node. I mostly use frameworks. Can you please (when you are free), just write a full documentation or text on how to upload after cloning this repository. Please that would be appreciated greatly.
@LincCodes Please do not post multiple comments on this issue asking for support; open a new issue instead, but not before reading existing documentation (including existing issues, or references to external documentation, such as documentation on Heroku). This issue is meant as an announcement, and is kept open so that affected users can communicate with each other.
I've deleted two of your comments (a Thank you message plus your request for documentation).
@LincCodes If you're still having issues, just follow the instructions here.
Not working for me.
@Corey-Wademan
If you're still looking for a solution to this problem, you can follow the steps in this readme.
I used this, its giving me 403 forbidden. I've provided the url in array in server.js still getting 403 forbidden.
clicking on link
message get appears:-
i have message "You currently have temporary access to the demo server."
but still not working:(
And when i open the link for the next time,
Message that get appears is:-
"This API enables cross-origin requests to anywhere.
Usage:
/ Shows help
/iscorsneeded This is the only resource on this host which is served without CORS headers.
/ Create a request to , and includes CORS headers in the response.
If the protocol is omitted, it defaults to http (https if port 443 is specified).
Cookies are disabled and stripped from requests.
Redirects are automatically followed. For debugging purposes, each followed redirect results
in the addition of a X-CORS-Redirect-n header, where n starts at 1. These headers are not
accessible by the XMLHttpRequest API.
After 5 redirects, redirects are not followed any more. The redirect response is sent back
to the browser, which can choose to follow the redirect (handled automatically by the browser).
The requested URL is available in the X-Request-URL response header.
The final URL, after following all redirects, is available in the X-Final-URL response header.
To prevent the use of the proxy for casual browsing, the API requires either the Origin
or the X-Requested-With header to be set. To avoid unnecessary preflight (OPTIONS) requests,
it's recommended to not manually set these headers in your code.
Demo : https://robwu.nl/cors-anywhere.html
Source code : https://github.com/Rob--W/cors-anywhere/
Documentation : https://github.com/Rob--W/cors-anywhere/#documentation"
How long is "temporarily"? Minutes? Hours? Days?
How long is "temporarily"? Minutes? Hours? Days?
The temporary exception is stored in memory. The exceptions are currently cleared once a day, or sooner if the application is restarted. The exceptions last at most 27.5 hours due to Heroku's automatic dyno restart policies that's documented at https://devcenter.heroku.com/articles/dynos#automatic-dyno-restarts
Bruh you can't believe how many people you have helped.
SALUTE
Just wanted to say thanks for this page/app. I'm in a software development course and about 95% of the FETCH statements for my labs work without it, but a few need it for me for some reason.
Hi dear friend, I'm trying to learn Ajax with Vanilla Javascript.
I got a problem with CORS ( from origin 'null' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, https, ipns, chrome-untrusted, ipfs, data, chrome, chrome-extension. ),
and I fixed it with
https://cors-anywhere.herokuapp.com/sample.txt (sample.txt is my file).
Then I got error which says that I should visit https://cors-anywhere.herokuapp.com/corsdemo and then enable demo server by clicking on the button, and I did. (NOTE: I've been trying to make this work with : XAMPP (CrosPlatform Apache PHP Perl server, as guide used it, and also mentioned that we can do this with LIVE SERVER from VS Code, so I did that too. ))
And now, after enabling DEMO SERVER I am getting error for not found page it says this:
404 (Invalid host)
Here is code:
(Javascript)
document.getElementById('button').addEventListener('click', loadText);
function loadText(){
let xhr = new XMLHttpRequest();
xhr.open('GET', 'https://cors-anywhere.herokuapp.com/sample.txt', true);
xhr.onload = function(){
if(this.status == 200){
//console.log(this.responseText);
// It SHOULD display text on the screen NO matter have you consol.loged it, there is xhr.send function(I tried both, nothing works)
}
};
xhr.send();
};
(HTML)
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Ajax 1 - Text File</title>
</head>
<body>
<button id="button">Get Text from File</button>
<script src="main.js"></script>
</body>
</html>
(SAMPLE TEXT just lorem)
Lorem ipsum dolor, sit amet consectetur adipisicing elit. Consequuntur nisi modi fuga voluptatibus expedita, eius deleniti quisquam quo, at ducimus ipsam quis nobis veniam eveniet dolore aliquam repudiandae, totam explicabo sint eos tempora facilis qui. Asperiores fugiat voluptate nemo laborum. Iste ducimus sapiente ipsam! Culpa, animi? Optio esse perferendis velit!
I hope I gave clear explanation ๐
Thank you in Advance
I got error which says that I should visit https://cors-anywhere.herokuapp.com/corsdemo and then enable demo server by clicking on the button, and I did. (NOTE: I've been trying to make this work with : XAMPP (CrosPlatform Apache PHP Perl server, as guide used it, and he also mentioned that we can do this with LIVE SERVER from VS Code, so I did that too. )
And now, after enabling both (XAMPP / LIVER SERVER and DEMO SERVER) I am getting error for not found page, it says this:
404 (Invalid host)
Here is my code:
(Javascript)
document.getElementById('button').addEventListener('click', loadText);
function loadText(){
let xhr = new XMLHttpRequest();
xhr.open('GET', 'https://cors-anywhere.herokuapp.com/sample.txt', true);
xhr.onload = function(){
if(this.status == 200){
//console.log(this.responseText);
// It SHOULD display text on the screen NO matter have you consol.loged it, there is xhr.send function(I tried both, nothing works)
}
};
xhr.send();
};
@karlo-babic1 Please do not post off-topic comments here. Open a new issue instead.
I am getting error for not found page, it says this:
404 (Invalid host)xhr.open('GET', 'https://cors-anywhere.herokuapp.com/sample.txt', true);
Your code sample is incorrect, The format is https://cors-anywhere.herokuapp.com/[url], and in your case [url] is sample.txt, i.e. http://sample.txt/. That's obviously not correct. Your issue is most likely not related to CORS Anywhere, in fact it seems that you need to correctly configure your server instead of introducing CORS Anywhere.
What is the permanent link instead of https://cors-anywhere.herokuapp.com/ ?
What is the permanent link instead of https://cors-anywhere.herokuapp.com/ ?
If you're asking for an "official" domain: this is the "official" domain of the demo server.
What is the permanent link instead of https://cors-anywhere.herokuapp.com/ ?
If you're asking for an "official" domain: this is the "official" domain of the demo server.
I mean how to use it without the need to extend the time. Without clicking 'Request temporarily access'
You need to create and host your own server.
What is the permanent link instead of https://cors-anywhere.herokuapp.com/ ?
If you're asking for an "official" domain: this is the "official" domain of the demo server.
I mean how to use it without the need to extend the time. Without clicking 'Request temporarily access'
Instructions to set up your own instance are available at https://github.com/Rob--W/cors-anywhere#demo-server
What is the permanent link instead of https://cors-anywhere.herokuapp.com/ ?
If you're asking for an "official" domain: this is the "official" domain of the demo server.
I mean how to use it without the need to extend the time. Without clicking 'Request temporarily access'
Instructions to set up your own instance are available at https://github.com/Rob--W/cors-anywhere#demo-server
Thanks
@Corey-Wademan
If you're still looking for a solution to this problem, you can follow the steps in this readme.
Thanks @isoaxe , this works perfectly for me
Hi Cors Anywhere users. I've made a free unlimited version of cors-anywhere (It's exactly the same thing, backed by Grida so it can run at full speed with least limitations)
Here's more information in this blog.
Quick usage -> https://cors.sh/playground
https://proxy.cors.sh/https://your-server.com
Hope this helps with your development ! :)
Not everyone who uses the app is "lazy". Belive it or not, you are not the only programmer in the world and some don't want to spend hours learning about CORS to just access an API.
I salute you for shutting down the open proxy that too many lazy coders were using and abusing. Your server must've been hit hard with all the "stack overflow" answers that say, CORS? Easy, just bypass CORS by using this guys server, he don't mind.
How lazy and cheap are these people that want to write some fancy "app" and use someone else's server to achieve their goals
Lol, this is the laziest comment I may have ever seen on this platform. For one this proxy is one of the most popular work arounds on the web for a reason. Why do you think it was created... Two, it doesn't cost anything to make a server versus using Cors-Anywhere so no one is cheap for using this solution. By the look of it, your repos are as "lazy" as your comment. For many learning, this was a wonderful solution and the creator should be saluted for providing an insanely valuable service for free.
Such a dingus smh
How do I use it for postman? I cant make it available for a moment for testing. Can anyone help? Thank you
How do I use it for postman? I cant make it available for a moment for testing. Can anyone help? Thank you
Postman already supports the ability to perform cross-origin requests without a proxy. Input the destination URL that you'd like to fetch and it will work.
If you still want to use CORS Anywhere to send a request, start by visiting https://cors-anywhere.herokuapp.com/ in your browser. and click on the "Request temporary access to the demo server" button.
Then go to the Headers section of Postman and set the X-Requested-With request header, with any value. Otherwise you would receive the following response: Missing required request header. Must specify one of: origin,x-requested-with
Thank you for your great app and the code, even if it is in demo-mode now. I realy appreciate all your efforts!
In any case I've decided to look through GitHub to find similar free and code-less solutions (CORS-proxy serevers): https://github.com/topics/cors-proxy
The results of my research are the following:
1. You can use some CORS-proxies that I've found
I am sure that they might go down pretty soon, but they are ok to overcome CORS.
https://scrappy-php.herokuapp.com/?url=
https://api.allorigins.win/raw?url=
https://cors-get-proxy.sirjosh.workers.dev/?url=
https://secret-ocean-49799.herokuapp.com/
https://cors.eu.org/
https://cors-proxy.tk/?url=
But once all of them disappear, you can set up your own CORS-proxy server.
2. How to set up a CORS-proxy server on Heroku for free on your own
You don't need to be a programmer to do this, and it takes 5 minutes in total!
How-to:
A). Set up an account at heroku.com and log in.
B). Visit the link to deploy the app. I've used this: https://heroku.com/deploy?template=https://github.com/messier31/cors-proxy-server.git
C). Give any name to your app and press "Deploy app".
And that's it. You might try it yourelf, you don't even need a GitHub account for that.
It works as simple as that:
https://{APP-NAME-YOU-GIVE}.herokuapp.com/{URL-TO-CORS-OVERCOME}
Good luck
PS: If you wish, you can Heroku-deploy the fork of this particular repo with the link mentionned in this thread, using this link: https://heroku.com/deploy?template=https://github.com/Isoaxe/cors-server.git
Steps to create your instance of cors-anywhere on Heroku:
- Create free Heroku account
- Install Node and Heroku CLI (see https://devcenter.heroku.com/articles/nodejs)
- Run
cd some-folder
heroku login
git clone https://github.com/Rob--W/cors-anywhere.git
cd cors-anywhere
heroku create my-app
git push heroku master
- Now start the app
heroku ps:scale web=1
- Update app settings (you don't need to restart the app)
heroku config:set -a my-app CORSANYWHERE_WHITELIST=https://myapp.com
View app info in the browser
heroku open
See real-time app logs
heroku logs --tail
Rename app name
heroku apps:rename new-name --app old-name
Stop the app (but why?)
heroku ps:scale web=0
1. You can use some CORS-proxies that I've found
I am sure that they might go down pretty soon, but they are ok to overcome CORS.
Additional working ones:
how can we use it parmanently??
Hi, I have tried this and it is working completely fine for me. but this is a temporary solution.
Is anyone here who has a permanent solution for this.
Thanks.
The demo just whitelists the user's IP address when the request access button is clicked, right?
Any reason you don't implement a CAPTCHA, or two, to avoid abuse?
Maybe as a long term goal either an API key, an encrypted string containing the expiration timestamp, or a JSON Web Token could be implemented in the project itself. I could see myself using that. I have an implementation of cors-anywhere that is public facing.
Any of those could be sent either in the request URL or in the request headers.
-
http://localhost:8080/http://google.com/?apiKey=apiKeyHere
The disadvantage with an API key is that you would have to keep track of allowed/disallowed/expired. -
http://localhost:8080/http://google.com/?authorization=jctZv6dUJUBd+FfIax3O1w==
whereauthorizationis an encrypted unix timestamp of when the auth expires as seen here...
-
http://localhost:8080/http://google.com/?token=eyJhbGciOiJFUzI1NiJ9.eyJpc3MiOiJjb3JzLWFueXdoZXJlLmhlcm9rdWFwcC5jb20iLCJpYXQiOjE2NDc5NjUwNDQsImV4cCI6MTY1NDk1ODM0OH0.ZHSZBenwbYlRxzBMtzCc0R2yNIpH2K_6JqtWV60O5xHyFpp_sDZIHhEmiBYrNvyWeozTMHq6NCshQ-8-s6OEnA
JSON Web Tokens seem to be the popular approach to this
AES Encryption and Decryption Demo
JSON Web Token Demo
Unix Time Stamp Converter Demo
The demo just whitelists the user's IP address when the request access button is clicked, right?
Temporarily, yes.
Any reason you don't implement a CAPTCHA, or two, to avoid abuse?
Captcha does not offer more than what my implementation of the button already does.
Maybe as a long term goal either an API key, an encrypted string containing the expiration timestamp, or a JSON Web Token could be implemented in the project itself. I could see myself using that. I have an implementation of
cors-anywherethat is public facing.Any of those could be sent either in the request URL or in the request headers.
You're free to implement that, but that would be a change in the API of this project. The key behind this project is its simplicity for clients: just prepend the proxy URL before a cross-origin URL, and the (public) resource can be read.
Here is my own proxy server https://fast-dawn-89938.herokuapp.com/
demo: https://fast-dawn-89938.herokuapp.com/https://google.com
Have a good day! ๐๐
Hi Cors Anywhere users. I've made a free unlimited version of cors-anywhere (It's exactly the same thing, backed by Grida so it can run at full speed with least limitations)
@Rob--W Protocol question: Are comments like the above welcomed and appropriate on this post? It kinda seems like McDonald's advertising in Burger King's parking lot.
Hi Cors Anywhere users. I've made a free unlimited version of cors-anywhere
@Rob--W Protocol question: Are comments like the above welcomed and appropriate on this post? It kinda seems like McDonald's advertising in Burger King's parking lot.
On-topic knowledge to help others with addressing problems are welcome. Spam is not welcome and will be deleted.
At this point this thread has many subscribers, so I kindly request everyone to think twice before posting another comment.
For an example of self-hosting, see https://github.com/Rob--W/cors-anywhere#demo-server . There are also many questions and answers about hosting on the issue tracker here (https://github.com/Rob--W/cors-anywhere/issues). If you have questions, please search for existing issues first before opening a new issue.
Have you set up a paid version of this where you could keep track of any abusers and ban them if they pay and then abuse? I only know enough coding to get myself in trouble and I have to get temporary access daily to run an app we will probably be using several times a week. Thanks!
Are there any recommendations for alternative hosting solutions to use for non-open proxies now that free Heroku dynos are going away?
See #434.
I am not having any issue with the cors. Mine one is working fine
@Rob--W Thanks a ton for making this available. Hosting my own now, but this demo and your instructions have been super helpful for getting set up.
Not working with flutter app in debug and release both modes for authenticating users with appwrite backend. Please help.
That was likely using free hosting, as seen in #434. I am paying for the hosting of cors-anywhere.herokuapp.com, which is therefore still up.
@Rob--W Maybe you should add a donate button?
Here is my hosted fork for this project: https://cors-proxy.fringe.zone/
You may see/add to the repository here:
https://github.com/DMSavchik/cors-anywhere
@Rob--W Thanks a ton for making this available. Hosting my own now, but this demo and your instructions have been super helpful for getting set up.
Please I need a process on how to host and whitelist my site only.
I made a thing of slight evil.
https://github.com/xriss/security-theater
Browser extension that hijacks the cors-anywhere url at the "fetch" level. Works on chrome etc but not firefox as firefox does not support v3 extensions, (yet?).
Not quite the same as the other cors extensions that patch http headers, this patches in page javascript and uses cors-anywhere as a trigger then passes the request into the extensions worker.
The idea is, install extension and you can use cors-anywhere.herokuapp.com without hitting the server and causing any bandwidth costs, don't install extension and you get an obvious intent to use some sort of cors proxy.
Is this a good idea?
Not sure...
Here is my hosted fork for this project: https://cors-proxy.fringe.zone/ You may see/add to the repository here: https://github.com/DMSavchik/cors-anywhere
thankyou
Here is my hosted fork for this project: https://cors-proxy.fringe.zone/ You may see/add to the repository here: https://github.com/DMSavchik/cors-anywhere
I am trying the for calling circleCI from testrail. With your https://cors-proxy.fringe.zone/ it just works fine but if I host my version on heroku it gives cors , do you know the reason? I just fork your repo and deployed it on heroku
Would any developers be willing to pay for a cors proxy? Maybe on a metered billing by the number of requests they make?
Payment is not the problem here. I am already footing the bill for keeping the server online. The problem is that the hosting platform does not want to support an open proxy due to abuse risks.
Would any developers be willing to pay for a cors proxy? Maybe on a metered billing by the number of requests they make?
It's not a common request. And there is already some solutions on the market offering same thing. Much easier to make wrapped api on the server if you have access.
Here is my hosted fork for this project: https://cors-proxy.fringe.zone/ You may see/add to the repository here: https://github.com/DMSavchik/cors-anywhere
Could you pls tell how to depoy this over netlify for free to make our own custom proxy?
is very helpful
I understand many of you are experiencing issues with the limited functionality of the cors-anywhere demo server. Here are some steps to address common problems:
-
Self-Hosting: The best long-term solution is to self-host
cors-anywhere. Rob--W has provided detailed instructions in the README on the GitHub page. Self-hosting gives you full control and avoids the limitations of the demo server. -
Alternatives: If self-hosting isn't feasible, consider alternatives like
https://cors.bridged.cc/or deploying on other platforms like Netlify. These solutions might offer a temporary workaround. -
Temporary Access: For immediate, short-term use, you can still gain temporary access to the demo server by visiting
https://cors-anywhere.herokuapp.com/and clicking "Request temporary access". -
Contribute: If you have suggestions or improvements, consider contributing to the project. Your input could help enhance the functionality for all users.
Remember, the demo is intended for development and testing, not for production use.
RIP brother thank you for your service
RIP brother thank you for your service
Jezz, He died?
No :O
I just started using this and wanted to pay my dues to the golden age
To add to anyone who doesn't know where to get started, you can very easily make a fork of this repo and deploy it directly from Vercel. Took me about 3 minutes.
Can you provide a permanent usage to this solution
To add to anyone who doesn't know where to get started, you can very easily make a fork of this repo and deploy it directly from Vercel. Took me about 3 minutes.
I tried to use vercel but it says "not found" https://cors-anywhere-green-eight.vercel.app/
Like pls share any additional configs file required, or modifications need to me made. It would be much helpful!
Didj
For anyone wanting to quickly and easily convert their existing projects.
Find: "cors-anywhere.herokuapp.com/"
Replace with "corsproxy.io/?"
Make sure you include the "?" that the only difference from cors-anywhere
It's another proxy that integrates almost identically... No other steps needed, it has no API keys, or anything!
Here is my own proxy server https://fast-dawn-89938.herokuapp.com/ demo: https://fast-dawn-89938.herokuapp.com/https://google.com
Have a good day! ๐๐
Does not works
Here is my hosted fork for this project: https://cors-proxy.fringe.zone/ You may see/add to the repository here: https://github.com/DMSavchik/cors-anywhere
Amazing!! Thank you so much