Location -> X-Location

xhr.getResponseHeader('Location') gives:
> Refused to get unsafe header "Location"
Rob W
2013-01-04 23:05:54 +01:00
parent 204edda774
commit 051858b480
3 changed files with 10 additions and 3 deletions


@@ -8,7 +8,7 @@ This package does not put any restrictions on the http methods or headers, excep
cookies. Requesting [user credentials](http://www.w3.org/TR/cors/#user-credentials) is disallowed.
Redirects are not automatically followed. Instead, the server replies with http status code 333 and
includes an absolute URL in the `location` response header.
includes an absolute URL in the `Location` response header.
The package also includes a Procfile, to run the app on Heroku. More information about
Heroku can be found at https://devcenter.heroku.com/articles/nodejs.


@@ -49,6 +49,12 @@ function withCORS(headers, request) {
headers['access-control-allow-headers'] = request.headers['access-control-request-headers'];
delete request.headers['access-control-request-headers'];
}
var exposedHeaders = headers['access-control-expose-headers'] || '';
if (exposedHeaders) exposedHeaders += ',';
exposedHeaders += 'location,x-request-url';
headers['access-control-expose-headers'] = exposedHeaders;
return headers;
}
function isForbidden(host) {
@@ -77,8 +83,8 @@ function proxyRequest(req, res, proxy, full_url, proxyOptions) {
headers['location'] = url.resolve(full_url, headers['location']);
}
// Don't use 301 or 302 because browsers may cancel the request (observed in Chrome with a custom request header)
statusCode = 333;
reasonPhrase = 'Redirect ' + statusCode;
statusCode = 333;
}
// Don't slip through cookies
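Review bot: The lines added to withCORS that build `access-control-expose-headers` carry no comment explaining why they exist, and the commit title names `X-Location` while the value appended here is `location,x-request-url`. Above `var exposedHeaders` I would add `// Location is not a CORS-safelisted response header; expose it and X-Request-URL so xhr.getResponseHeader() can read them`. Any expose-headers value already present in `headers` is kept and extended, so if `headers` is the upstream response's header object (not visible in this hunk), the upstream decides which of its other headers cross-origin scripts can read. That looks intended for an open CORS proxy, but the comment should say so. withCORS starts outside the hunk.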


@@ -11,7 +11,8 @@ If the protocol is omitted, it defaults to http (https if port 443 is specified)
Cookies are disabled and stripped from requests.
Redirects are not automatically followed: The API response has status code 333.
The client ought to confirm this redirection by creating a new request.
The client ought to confirm this redirection by creating a new request (the url
is available in the Location response header).
The requested URL is available in the X-Request-URL response header. Non-existence of this
header implies that the requested URL was not recognized.