search

Rob--W / cors-anywhere

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.
MIT License
8.59k stars 6k forks source link

How to configure cors-anywhere rate limit and whitelist? #374

Closed DevSixl closed 3 years ago

DevSixl commented 3 years ago

I want to have my own instance of cors-anywhere running on heroku for all my web projects but I don't know how to configure it.

I've cloned this github repository and installed all of its node modules and I know how to host it to heroku but how do I configure it? Do I have to create my own javascript file or do I simply edit something in the cors-anywhere files?

Edit: I've figured out that I have to do something to the rateLimitConfig variable inside of rate-limit.js that corresponds with the documentation in the file, I just don't want to change the default value now

Edit 2: I want to host my sites as github pages and I don't understand how setting environment variables will change anything for anyone else but me.

Rob--W commented 3 years ago

Edit 2: I want to host my sites as github pages and I don't understand how setting environment variables will change anything for anyone else but me.

Based on this edit, I assume that you've read the instruction to set the environment variable at https://github.com/Rob--W/cors-anywhere#demo-server . The environment variable applies to your instance of CORS Anywhere and applies to any website which attempts to send a request through your proxy. If you only want to allow requests from your Github pages and no-one else, then you could use the default server.js implementation with the following envirtonment variable:

CORSANYWHERE_WHITELIST='https://yourhandlehere.github.io'

In this scenario, the use of CORSANYWHERE_RATELIMIT (rateLimitConfig) is unnecessary, because you likely don't want to enforce a limit on the number of requests that your Github pages page can send.

DevSixl commented 3 years ago

Ok, so inside of server.js, I can omit the checkRateLimit property and simply implement the default CORSANYWHERE_WHITELIST environment variable? Also, I opened this question to ask about configuration because I didn't think I'd need to use environment variables so I don't know whether to input the command "export CORSANYWHERE_WHITELIST=https://example.com" into a terminal or the server.js file.

DevSixl commented 3 years ago

I'm sorry for all questions, I'm not that good at web development 😅

Rob--W commented 3 years ago

I don't know whether to input the command "export CORSANYWHERE_WHITELIST=https://example.com" into a terminal or the server.js file.

This command shows how one can set the environment variable from a shell when you run node server.js locally. The exact mechanism to set the environment variable depends on the system. For Heroku, the explanation is part of the documentation that's linked from my README. Specifically, the section is at https://devcenter.heroku.com/articles/getting-started-with-nodejs#define-config-vars. Applied to this question, the command would be:

heroku config:set CORSANYWHERE_WHITELIST='https://yourhandlehere.github.io'
DevSixl commented 3 years ago

Ooooh, I get it. Thanks for clarifying!

DevSixl commented 3 years ago

One more thing, how would I whitelist all the subdomains for my github pages link since github pages are styled as user.github.io/?

Edit: After a google search, I realize that my definition of subdomain is incorrect as it should have been page path. I want to whitelist the proxy for only my github pages so I want the whitelist to include all the page paths for my github pages link