Check it out on GitHub

→  https://github.com/harrisonkong/skycors

What it is

A lightweight, Node.js CORS proxy server built to bypass Cross-Origin Resource Sharing (CORS) restrictions during development or production, when requests originate from web browsers.

Features

  • CORS Header Injection: Automatically sets Access-Control-Allow-Origin to incoming requests.
  • Dynamic Routing: Dynamically proxies requests to any target URL passed via query parameters.
  • Lightweight: Minimal dependencies ensuring fast execution and low memory overhead.
  • Controlled Access you can choose to allow all origins or a list of allowed origins. Requests with undefined origins are controlled by an API key to prevent abuse. (These usually do not need a CORS proxy server.)
  • Versatile: Can run locally for development or on cloud platform virtual machines (e.g. AWS) or as Cloudflare workers.

What is CORS?

CORS is a browser security feature that restricts web pages from requesting data from a different domain or origin than the one that the page originated from.

While SOP (Same Origin Policy) simply restricts resource sharing to the same origin only, CORS provides a controlled way to share resources across different origins.

CORS Mechanism

CORS only applies to browser originated requests.

This is why we can build a proxy server to act as the middleware to request the resource on behalf of the browser client. The proxy server can then add the necessary permission in the HTTP header before returning to the browser client, therefore, bypassing the restriction.

CORS Proxy Server

What is it Used for?

This server makes the weather ticker on this website possible. In this application, it is running as a worker on Cloudflare.

It is also used in other financial intranet sites pull stock tickers. In those applications, the servers simply run on internal servers.