Skip host check if scheme is explicitly set

Fixes https://github.com/Rob--W/cors-anywhere/issues/14 This allows CORS anywhere to be forwards-compatible with the surge of new gTLDs.
2026-05-13 15:09:25 +00:00 · 2015-05-06 22:13:53 +02:00
parent 903f3d32dc
commit 0e594a2b03
3 changed files with 12 additions and 1 deletions
--- a/lib/cors-anywhere.js
+++ b/lib/cors-anywhere.js
@@ -258,7 +258,7 @@ var getHandler = exports.getHandler = function(options, proxy) {
      return;
    }

-    if (!isValidHostName(location.hostname)) {
+    if (!/^\/https?:/.test(req.url) && !isValidHostName(location.hostname)) {
      // Don't even try to proxy invalid hosts (such as /favicon.ico, /robots.txt)
      res.writeHead(404, 'Invalid host', cors_headers);
      res.end('Invalid host: ' + location.hostname);
--- a/test/setup.js
+++ b/test/setup.js
@@ -97,3 +97,7 @@ echoheaders('http://example.com');
 echoheaders('http://example.com:1337');
 echoheaders('https://example.com');
 echoheaders('https://example.com:1337');
+
+nock('http://robots.txt')
+  .get('/')
+  .reply(200, 'this is http://robots.txt');
--- a/test/test.js
+++ b/test/test.js
@@ -78,6 +78,13 @@ describe('Basic functionality', function() {
      .expect(404, 'Invalid host: robots.txt', done);
  });

+  it('GET /http://robots.txt should be proxied', function(done) {
+    request(cors_anywhere)
+      .get('/http://robots.txt')
+      .expect('Access-Control-Allow-Origin', '*')
+      .expect(200, 'this is http://robots.txt', done);
+  });
+
  it('GET /example.com', function(done) {
    request(cors_anywhere)
      .get('/example.com')