All xfwd and tests fails with this change, but that's because the
tests themselves were incorrect (using port 80/443 instead of the
ephemeral ports created for the tests).
webkit-devtools-agent (tested with 0.2.4 and 0.3.1) is incompatible with
Node 0.12.0. The manual test adds no value at this point, so it has been
removed, including the dependencies (webkit-devtools-agent).
Heroku uses Strict Transport Security (HSTS), which forces that all
requests to *.herokuapp.com must use HSTS. However. Chrome cannot read
the CORS response after a HSTS redirect due to https://crbug.com/387198.
Since the request is going to be redirected to https anyway, the demo
and the documentation will use https by default.
With this commit, you will see the following messages instead of
"Missing required request header ...":
/iscorsneeded = no with direct browsing
/favicon.ico = 404 not found
If you wish to check if the API works, launch demo.html,
set the global cors_api_url variable to your local instance,
enter an URL and press "GET" or "POST".
TODO:
- Move proxyRequest elsewhere, and attach the request state to req
- Investigate the implications of calling req.emit('end');
(It's called in order to trigger reverseProxy.end(), needed to start
the redirect)
From now on, redirects will automatically be handled by the browser.
Using the API by clients has become extremely easy.
Included JavaScript / jQuery snippets in the documentation to
demonstrate that it's easy to use the API.
One of the following headers is required by default:
- Origin: This header is always sent with CORS requests.
- X-Requested-With: This header is automatically added by jQuery on
same-origin requests.
These two headers effectively disable the ability to use the CORS
proxy for regular browsing.
Android's stock browser (and Webview) does not recognize the
Access-Control-Expose-headers response header.
Use the status text field to pass through this information.
Updated demo and documentation.
I discovered that the proxy request was using http even when it
was proxying to an https port / url. This is because we didn't pass
the https parameter through in the proxyRequest method.
