-Access-Control-Max-Age header only has meaning for preflights, not
POST or GET, saves wire bytes by excluding it from POST/GET/etc,
and future problems if ACMA on a content HTTP method is given
meaning by W3C or a browser vendor
-fix expectNoHeader() test helper func ,this was a no-op before by
accident and would NEVER fail,
supertest/test.js:Test.prototype._assertFunction requires an retval of
class type Error if test fail, not a string or a number or Object
Travis build failed on "Uncaught TypeError: Object.keys called on non-object".
That's a real error (res._headers was initially null until a header is set).
When proxyReq is aborted (by us - in response to a redirect response),
it can ultimately trigger an "error" event of type ECONNRESET.
This error was unconditionally propagated to the error handler:
https://github.com/nodejitsu/node-http-proxy/blob/v1.11.1/lib/http-proxy/passes/web-incoming.js#L134-L140
Our proxy error handler responds by writing a response + error code,
which prevents the response from being overwritten.
I found this after upgrading the nock library to 5.2.1+, which contains
510e31c73e
The redirect tests that were previously passing in Node 0.10.x were
failing, with errors like "Can't set headers after they are sent.".
The new implementation makes sure that the proxied response is not
forwarded to the original response.
- Add checkRateLimit option to the API.
- Extend the default server.js with environment variables
CORSANYWHERE_WHITELIST (re-using originWhitelist) and
CORSANYWHERE_RATELIMIT (using the new checkRateLimit option)
to make it easy to enforce usage limits.
- Document that Heroku doesn't want open proxies.
Some clients try to use CORS Anywhere, even for same-origin requests...
Add a new setting "redirectSameOrigin" to not waste server resources on
proxying such requests.
Fixes#42
It is not supported, and its current form was not documented.
If you need to proxy a request without listening on a port, just
dispatch a 'request' event on the return value of createServer().
All xfwd and tests fails with this change, but that's because the
tests themselves were incorrect (using port 80/443 instead of the
ephemeral ports created for the tests).
With this commit, you will see the following messages instead of
"Missing required request header ...":
/iscorsneeded = no with direct browsing
/favicon.ico = 404 not found
TODO:
- Move proxyRequest elsewhere, and attach the request state to req
- Investigate the implications of calling req.emit('end');
(It's called in order to trigger reverseProxy.end(), needed to start
the redirect)
From now on, redirects will automatically be handled by the browser.
Using the API by clients has become extremely easy.
Included JavaScript / jQuery snippets in the documentation to
demonstrate that it's easy to use the API.
