Broken for firefox and chrome

[Bug-Reaper]

I've been reliably using this for about a year and was super shocked when it stopped working pretty recently. Doesn't work with any websites, will provide more info soon but its late now and I'm too tired. I'll also see what I can do in terms of tracking down the issue in the code and/or the spec changes to firefox/chrome which caused this.

[Bug-Reaper]

See here that this doesn't work any longer: https://cors-anywhere.herokuapp.com/https://cors-anywhere.herokuapp.com/ returns this error:

[Rob--W]

So far I haven't seen any evidence that there is something broken. Could you provide more details? For example, do you send an unusually large number of requests? (as of #164, the limit is 200 requests per hour)

When opened directly in the browser, every page except for / will result in "Missing required request header. Must specify one of: origin,x-requested-with". This is intentional.

Also, you should not send requests to https://cors-anywhere.herokuapp.com/https://cors-anywhere.herokuapp.com/, but directly to https://cors-anywhere.herokuapp.com/. Because of #42 , such requests are not handled internally, and instead result in a 301 redirect.

[Bug-Reaper]

Hmm, i’ve Been using this for a year or so now and I originally never got a origin-x error. Is this a new design?

Definitely not hitting the 200 requests per hour and I’m sending requests to the right place I believe.

[Rob--W]

If you get the error, it means that the request was not a cross-origin request. Either because the request is not cross-origin, or because you used fetch with mode: "no-cors".

[grkblood13]

I'm experiencing this as well. I've ran my own cors-anywhere server for a while and it just recently stopped working. Here's header info from dev console.

Request URL: http://127.0.0.1:8888/https://upload.wikimedia.org/wikipedia/commons/8/8a/Aspire_TV_logo.JPG Request Method: GET Status Code: 400 Header required Remote Address: 127.0.0.1:8888 Referrer Policy: no-referrer-when-downgrade

[Bug-Reaper]

I believe if you rollback far enough, you’ll get a working version. Also .m3u8 links are hard blocked by the API now because of previous abuse.

Sent from my iPhone

On Oct 11, 2019, at 9:39 AM, grkblood13 notifications@github.com wrote:

 I'm experiencing this as well. I've ran my own cors-anywhere server for a while and it just recently stopped working. Here's header info from dev console.

Request URL: http://127.0.0.1:8888/https://upload.wikimedia.org/wikipedia/commons/8/8a/Aspire_TV_logo.JPG Request Method: GET Status Code: 400 Header required Remote Address: 127.0.0.1:8888 Referrer Policy: no-referrer-when-downgrade

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe.

[Rob--W]

I'm experiencing this as well. I've ran my own cors-anywhere server for a while and it just recently stopped working. Here's header info from dev console.

Request URL: http://127.0.0.1:8888/https://upload.wikimedia.org/wikipedia/commons/8/8a/Aspire_TV_logo.JPG Request Method: GET Status Code: 400 Header required Remote Address: 127.0.0.1:8888 Referrer Policy: no-referrer-when-downgrade

It is not possible to directly visit the response in a browser tab. If you are able to reproduce the issue via XMLHttpRequest, fetch (or any other API with cross-origin requests), share the test case for reproducing the issue.

[grkblood13]

The above is via fetch.

[grkblood13]

@Bug-Reaper, how long have m3u8 links been blocked by the fetch api? Any changelog notes on this? Couldn't find anything myself.

[Bug-Reaper]

I wanna say 8-12 months, but I don't remember. If you check the git commit history and/or releases you can probably find the exact date

[Rob--W]

@grkblood13 You should show the fetch call and its parameters. It may affect whether CORS is needed or not.

@Bug-Reaper The m3u8 block is not in the source code here. The block is a configuration that only applies to the public CORS Anywhere demo, and it was introduced 7 months ago because the host warned about an impeding shut down of the demo due to abuse (see #164).

[Bug-Reaper]

@Rob--W Rodger that, thanks for clarifying! I must have misunderstood that post. Out of curiosity, who threatened to shut you down ?

@grkblood13 Sorry to send you on a wild goose chase

[Rob--W]

The platform on which I was hosting the application (details in #164).