mirror of
https://github.com/d0zingcat/cors-anywhere.git
synced 2026-05-13 23:16:51 +00:00
e6695b8102
Some clients try to use CORS Anywhere, even for same-origin requests... Add a new setting "redirectSameOrigin" to not waste server resources on proxying such requests. Fixes #42
32 lines
1.2 KiB
JavaScript
32 lines
1.2 KiB
JavaScript
// Heroku defines the environment variable PORT, and requires the binding address to be 0.0.0.0
|
|
var host = process.env.PORT ? '0.0.0.0' : '127.0.0.1';
|
|
var port = process.env.PORT || 8080;
|
|
|
|
// Grab the blacklist from the command-line so that we can update the blacklist without deploying
|
|
// again. CORS Anywhere is open by design, and this blacklist is not used, except for countering
|
|
// immediate abuse (e.g. denial of service). If you want to block all origins except for some,
|
|
// use originWhitelist instead.
|
|
var originBlacklist = (process.env.CORSANYWHERE_BLACKLIST || '').split(',');
|
|
|
|
var cors_proxy = require('./lib/cors-anywhere');
|
|
cors_proxy.createServer({
|
|
originBlacklist: originBlacklist,
|
|
requireHeader: ['origin', 'x-requested-with'],
|
|
removeHeaders: [
|
|
'cookie',
|
|
'cookie2',
|
|
// Strip Heroku-specific headers
|
|
'x-heroku-queue-wait-time',
|
|
'x-heroku-queue-depth',
|
|
'x-heroku-dynos-in-use',
|
|
'x-request-start',
|
|
],
|
|
redirectSameOrigin: true,
|
|
httpProxyOptions: {
|
|
// Do not add X-Forwarded-For, etc. headers, because Heroku already adds it.
|
|
xfwd: false,
|
|
},
|
|
}).listen(port, host, function() {
|
|
console.log('Running CORS Anywhere on ' + host + ':' + port);
|
|
});
|