search

Rob--W / cors-anywhere

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.
MIT License
8.57k stars 5.99k forks source link

load script files and design from a relative path #418

Closed ShlomoCode closed 2 years ago

ShlomoCode commented 2 years ago

Hello, I host this great proxy myself, and approach it like this: https://myproxy.com/https://domain.com But when the destination site - domain.com - loads design / script files from a relative path, i.e. "/script", the file is not loaded and the site display goes wrong ... I checked the Networks tab in Chrome's development tool, and I see that it's trying to load the file from the path https://myproxy.com/script.js, instead of https://myproxy.com/https://domain.com/script.js. I would be happy if you take care of the problem :) Thanks!

Rob--W commented 2 years ago

Duplicate of https://github.com/Rob--W/cors-anywhere/issues/61#issuecomment-277641055

Basically, CORS Anywhere is not supposed to be used as a generic proxy. It should only be used to fetch single resources.

ShlomoCode commented 2 years ago

Hey @Rob--W, do you know of a suitable alternative?

Rob--W commented 2 years ago

Depends on your use case and the level of effort that you want to put into setting it up. The pinned issue on this repo points to some alternatives, at the paragraph starting with "If possible, try to avoid the need for a proxy at all.".

It is strongly not recommended to load arbitrary third-party web content as HTML, because that's a security risk (something that I have commented about in several issues in this repo already).

ShlomoCode commented 2 years ago

@Rob--W Do you mean it? https://github.com/Rob--W/cors-anywhere/issues/418 Because I do not see such a paragraph there ... Can you maybe send a direct link? Thanks! This is one particular site that I want to load as html via proxy .... not the whole network :)

Rob--W commented 2 years ago

Pinned issue is 301, the one at the top of the issue list on Github.

This is one particular site that I want to load as html via proxy .... not the whole network :)

Even if it is one site, it is not recommended to insert HTML from a third party in your own website.

If it is for personal use only, I suggest to use a browser extension to allow the site to be embedded in your website. If you want it to work without browser extensions, you could try to create a new subdomain, and proxy everything at that subdomain to a different destination. As it sounds like you don't need the CORS aspect of this project, but more the proxying functionality, you could use a different library to proxy requests, e.g. the http-proxy library with this example https://github.com/http-party/node-http-proxy#setup-a-basic-stand-alone-proxy-server