What does it do?
How does it work?
CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying "anyone can request this".
Doesn't this open a security hole?
No, for two reasons:
- The domain of the resource is corsproxy.com, so none of the user's cookies for the upstream domain are sent.
- We strip out Cookie headers, so even if an attacker convinced a user to log in through them, they couldn't pass the logged-in state on to the upstream server.
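
The two header rules described above (add the "anyone can request this" header to responses, strip Cookie from requests), as an added sketch that is not CORS Proxy's own code. The function names are hypothetical, the response header is assumed to be Access-Control-Allow-Origin: *, and dropping Host is an assumption of this sketch rather than something the page states.

```javascript
// Added illustration; names are hypothetical, not CORS Proxy's own code.

// Request headers that are never forwarded upstream. The page names Cookie.
// Host is dropped too (assumption of this sketch) so the HTTP client sets it
// for the upstream server instead of reusing the proxy's own host name.
const STRIPPED_REQUEST_HEADERS = new Set(['cookie', 'host']);

// Copy the browser's request headers, dropping stripped names. HTTP header
// names are case-insensitive, so "COOKIE" and "cookie" must both be caught.
function sanitizeRequestHeaders(incoming) {
  const out = {};
  for (const [name, value] of Object.entries(incoming)) {
    if (!STRIPPED_REQUEST_HEADERS.has(name.toLowerCase())) out[name] = value;
  }
  return out;
}

// Copy the upstream response headers and add the CORS header. An upstream
// Access-Control-Allow-Origin is replaced so exactly one value is sent.
function addCorsHeader(upstream) {
  const out = {};
  for (const [name, value] of Object.entries(upstream)) {
    if (name.toLowerCase() !== 'access-control-allow-origin') out[name] = value;
  }
  out['Access-Control-Allow-Origin'] = '*';
  return out;
}

// Relay one GET request. fetchImpl defaults to the global fetch (Node 18+).
async function relay(upstreamUrl, incomingHeaders, fetchImpl = fetch) {
  const res = await fetchImpl(upstreamUrl, {
    headers: sanitizeRequestHeaders(incomingHeaders),
  });
  return {
    status: res.status,
    headers: addCorsHeader(Object.fromEntries(res.headers.entries())),
    body: await res.text(),
  };
}

// Constructed sample request headers, as a browser might send to the proxy.
const sampleRequest = {
  Accept: 'application/json',
  COOKIE: 'session=constructed-value',
  Host: 'proxy.invalid',
};
```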
How do I use it?
To request a url on another domain, simply prefix the url with