Corsa proxies HTTP requests, adds CORS headers and can also serve your static web application.
Features:
- proxy requests for
/proxy/http://host/path
tohttp://host/path
- set
Access-Control-Allow-Origin
headers - support for CORS preflight requests
- support for GET, HEAD, POST, PUT, DELETE, OPTIONS
- serve static content from
/app/
(--app-dir
) - limit proxy hosts (
--allow-proxy
) - limit origin (
--allow-origin
)
Corsa is powered by Python and Tornado and is licensed under the MIT license.
You have a static web app in ./mywebapp
that loads images from http://imagesource.example
and stores them in a local CouchDB?
Due to the cross-domain restrictions of all modern browsers, you won't be able to access the image data and you won't be able to access the CouchDB.
Cross-origin resource sharing (CORS) is a mechanism to work around that and Corsa will set the appropriate CORS headers for you.
Start Corsa:
% corsa --app-dir ./mywebapp --allow-proxy http://imagesource.example,http://localhost:5984
Configure your web app to use /proxy/http://imagesource.example
as the image source and /proxy/http://localhost:5984
as your CouchDB URL and go to http://localhost:8888/app/index.html
.
If you application is allready running at http://localhost:8080
:
% corsa --allow-proxy http://imagesource.example,http://localhost:5984 --allow-origin http://localhost:8080
To proxy specific URLs:
% corsa --allow-proxy http://httpbin.org --allow-origin ALL % curl http://localhost:8888/proxy/http://httpbin.org/get -D - HTTP/1.1 200 OK Access-Control-Allow-Origin: * [...]
You can restrict proxying to specific origins. Origin should be the host where your requests to Corsa comes from.
% corsa --allow-proxy http://httpbin.org --allow-origin http://myexample % curl http://localhost:8888/proxy/http://httpbin.org/get -H 'Origin: http://myexample' -D - HTTP/1.1 200 OK Access-Control-Allow-Origin: http://myexample [...] % curl http://localhost:8888/proxy/http://httpbin.org/get -H 'Origin: http://otherdomain' -D - HTTP/1.1 403 Forbidden [...]
You can also host a static web app with Corsa:
% mkdir app % echo 'hello' >> app/index.html % corsa --app-dir app % curl http://localhost:8888/app/index.html -D - HTTP/1.1 200 OK Content-Length: 6 [...] Content-Type: text/html hello
--allow-origin
defaults to SELF
which is an alias for the URL of the Corsa server. This way your web app is able to make requests to all --allow-proxy
hosts by default.
You can permit all origins and proxy hosts with the ALL
alias:
% corsa --allow-proxy ALL --allow-origin ALL % curl http://localhost:8888/proxy/https://github.com/ -D - HTTP/1.1 200 OK [...]
Corsa listens to http://localhost:8888 by default, but you can change that with the --bind
option:
% corsa --bind :9999 % corsa --bind 0.0.0.0 % corsa --bind 0.0.0.0:9090
Corsa is written in Python and requires Tornado. It was tested with Python 2.7/3.3 and Tornado 3.1.
Corsa is hosted on pypi so you can install it with:
pip install corsa