Web proxy CORS solution

[Cinemacloud]

Got browser proxy working around CORS. I used CORS chrome extension, which you can study and integrate into your service worker js and/or Apache config

Basically did a couple of things. I stripped 'cache-control' from your Apache header, I set Access-Control-Allow-Origin: to *, and Allow-Control-Allow-Headers to 'include' and CORS errors WHILE using browser-based proxy wasm parallel to main image works without CORS errors and Fetch works. Maybe you already knew this but seemed worth mentioning.

Also I noticed another similar CORS block in similar use case and I think simply having c2w listening over SSL/TLS or at the page/browser its presented on, can eliminate these CORS denials under a lesser known policy or non-header property called CORS 'isolation' required for sharedMemoryBuffer.

[ktock]

@Cinemacloud Thanks for the information.

CORS chrome extension

So does this approach rely on a Chrome extension? Which one are you using (and are there any docs about it)?

[Cinemacloud]

Requestly.io .. their free tier offers plenty to experiment with

[ktock]

Thanks. The approach sounds interesting but it would be great if we can reduce CORS restriction without additional extensions or proxy outside of browser to make it easy to use from the web page clients.

[Cinemacloud]

.. that other project I mentioned called Neko? It streams a full ui and browser within a browser from any non sandboxed source you want like a webrtc vnc. I will try Neko and see if it can inner-load Bing which I was having issues with using in iframes recently. It at least could stream and virtualize a web UI for c2w regardless proxy in browser too or needed. due to CORS/CSP/CORP "ccc" oh my lol. I had Neko up fast on a localhost cli and requested bing fine in their Firefox. But of course theory goes sandbox will not fetch or reverse proxy for a ccc enforcer. Its all abstract to me at this point let me run some tests and see.