CORS Proxy

What does it do?

CORS Proxy allows javascript code on your site to access resources on other domains that would normally be blocked due to the same-origin policy.

How does it work?

CORS Proxy takes advantage of Cross-Origin Resource Sharing, which is a feature that was added along with HTML 5. Servers can specify that they want browsers to allow other websites to request resources they host. CORS Proxy is simply an HTTP Proxy that adds a header to responses saying "anyone can request this".

Doesn't this open a security hole?

No, for two reasons:

  1. The domain of the resource is corsproxy.com, so none of the user's cookies for the upstream domain are sent.
  2. We strip out Cookie headers, so even if an attacker convinced a user to log in through them, they couldn't pass the logged-in state on to the upstream server.

How do I use it?

To request a url on another domain, simply prefix the url with http://www.corsproxy.com/.

Ex: http://en.wikipedia.org/wiki/http becomes http://www.corsproxy.com/en.wikipedia.org/wiki/http.