Open naddi96 opened 1 year ago
Rob--W
commented
1 year ago Thanks for the PR, but I am not going to merge this because the validation can too easily be bypassed, as described in https://github.com/Rob--W/cors-anywhere/issues/448#issuecomment-1444591332
naddi96
commented
1 year ago Thanks for reviewing my PR, I'm using an api endpoint that checks the origin header so for this reason I needed this cors-proxy.
At the same time i didn't want my proxy to be used on other websites/endpoints, I don't want to whitelist the origin because I want to allow requests from different origins and also because it could be still possible to use my proxy on other endpoints if you set the origin header (with curl it's easy to do that).
For this reason I needed some restrictions on based on the request url. I hope is clear the reason why I did the PR, also I get that this is a niche use case so I understand why you dont want to merge
allanyates
commented
3 months ago I implemented the same, as I had the same requirement. But I can't find the referenced issue #448 with the validation bypass situation.
BTW, thx very much for making this code available. It completely solved my issue. Very much appreciated.
I added the functinality for blocking request to specific urls. so all the request to urls in the list requestUrlBlacklist will blocked and all the urls not in the list requestUrlWhitelist will be blocked.
examples: you want a proxy that allow access to "google.com" and deny to all other request requestUrlWhitelist : ["google.com/*"]
you want a proxy that deny access to "google.com" and allow to all other request requestUrlBlacklist: ["google.com/*"]
you want a proxy that allow access to google.com from a specif path "test" and deny to all other request requestUrlWhitelist : ["google.com/test/*"] google.com/test/blabla ->access granted google.com/hello/ -> access denied google.com/ -> access denied