How do setup an own server with cors-anywhere

[gustavz]

Dear @Rob--W thank you very much for your work, it's a really helpful tool!

One Thing I could not handle yet is to setup an own server to run cors-anywhere.
My Plan was to build it as Docker Image and run it in a container on the same server that my website is running which uses cors-anywhere to make API Calls.

Can you help me with the setup?
As I think this might be interesting for many cors-anywhere users!

My Setup so far:
Server with IP: 12.123.123.12 running a website accessible on Port 80
Docker Container build from your repository with Dockerfile:

FROM node:10.11-alpine

WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install

COPY . .

EXPOSE 8080

CMD [ "node", "server.js" ]

and started on the server with the command:

export CORSANYWHERE_WHITELIST=*
docker run -d -p 8080:8080 --name cors-anywhere -e CORSANYWHERE_WHITELIST=$CORSANYWHERE_WHITELIST cors-anywhere

I tried different things for CORSANYWHERE_WHITELIST like localhost, 127.0.0.1 or 12.123.123.12

with this setup i am able to reach localhost:8080 to see the following message

This API enables cross-origin requests to anywhere.

Usage:

/               Shows help
/iscorsneeded   This is the only resource on this host which is served without CORS headers.
/<url>          Create a request to <url>, and includes CORS headers in the response.

If the protocol is omitted, it defaults to http (https if port 443 is specified).

Cookies are disabled and stripped from requests.

Redirects are automatically followed. For debugging purposes, each followed redirect results
in the addition of a X-CORS-Redirect-n header, where n starts at 1. These headers are not
accessible by the XMLHttpRequest API.
After 5 redirects, redirects are not followed any more. The redirect response is sent back
to the browser, which can choose to follow the redirect (handled automatically by the browser).

The requested URL is available in the X-Request-URL response header.
The final URL, after following all redirects, is available in the X-Final-URL response header.


To prevent the use of the proxy for casual browsing, the API requires either the Origin
or the X-Requested-With header to be set. To avoid unnecessary preflight (OPTIONS) requests,
it's recommended to not manually set these headers in your code.


Demo          :   https://robwu.nl/cors-anywhere.html
Source code   :   https://github.com/Rob--W/cors-anywhere/
Documentation :   https://github.com/Rob--W/cors-anywhere/#documentation

but when i try to make API calls with this url prefix i am always getting the same error as response:

Missing required request header. Must specify one of: origin,x-requested-with

I also tried this setup running on my local machine which also does not work.

I am pretty sure that I am just missing a simple thing, if you could help me with this, it would be really great!

[Rob--W]

Are you sending a request from a web page at the same origin? If so (and the answer is most likely yes because of the absence of the Origin request header), add the X-Requested-With request header.

For more background, see https://github.com/Rob--W/cors-anywhere/issues/39#issuecomment-387690291

[gustavz]

Thanks for the quick reply Rob,
I am sending my requests with d3.json
So far I was not setting a header but with your suggestion my new call looks like:

d3.json(url)
  .header("X-Requested-With", "XMLHttpRequest")
  .get(function(d) { \\Callback});

which still gives me a 403 (Forbidden) Error

I am able to deploy your app on a heroku instance (as its just plug&play, thanks for that).
My own heroku cors-anywhere app works completely fine (without additional headers), but I want to deploy it on an aws instance, preferred as docker container.
Unfortunately I am not able to get it to work on aws even if i use two different instances, one for my own app making api calls and one for the cors-anywhere app.
I installed node on an EC2 and run your app (node server.js) with open ports 8080, 80 and 433 for in/outbound, but it does not work (same error).

Any ideas on how to get it to work on AWS?

[Rob--W]

Open the browser's developer tools, switch to the network tab and watch the requests. If you cannot make sense of it (e.g. when the actual response is not shown), right-click on the request and copy the request as a curl command, and then run it from the command line to see the full request/response details.

From that you should be able to tell whether the 403 error is generated by CORS Anywhere or the actual response from the proxied request.

[gustavz]

The response is
The origin "http://localhost:8088" was not whitelisted by the operator of this proxy.
although I whitelisted everything with an asterisk * and in the header it says:

Request URL: http://localhost:8080/https://XXX
Request Method: GET
Status Code: 403 Forbidden
Remote Address: [::1]:8080
Referrer Policy: no-referrer-when-downgrade
access-control-allow-origin: *
access-control-expose-headers: access-control-allow-origin
Connection: keep-alive
Date: XXX
Transfer-Encoding: chunked
accept: application/json,*/*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:8088
Referer: http://localhost:8088/XXX
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: XXX
x-requested-with: XMLHttpRequest

[Rob--W]

* is not a valid origin and does not whitelist anything.

If you don't want to use whitelisting (i.e. you want to allow any origin to make requests through your proxy), then don't assign any value to the origin whitelist.

[gustavz]

Ok that is good to hear.
But also if I start the image just with docker run cors-anywhere (Dockerfile is described above) without any whitelisting parameters, I still get the same response saying that localhost is not whitelisted.

if i explicitly whitelist localhost I do not get any response back but the error net::ERR_UNEXPECTED_PROXY_AUTH and the header looks like:

Request URL: http://localhost:8080/https://XXX
Referrer Policy: no-referrer-when-downgrade
accept: application/json,*/*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:8088
Referer: http://localhost:8088/XXX
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: XXX
x-requested-with: XMLHttpRequest

[Rob--W]

You need to remove export CORSANYWHERE_WHITELIST=* from your start script.

If you still have the same shell from where you've run the above commands, use unset CORSANYWHERE_WHITELIST or export CORSANYWHERE_WHITELIST= to clear the value of the environment variable.

[gustavz]

I did remove export CORSANYWHERE_WHITELIST=* after you said wildcard does not work for whitelisting.

So what would be minimal working example to make it run locally?
Lets say my NodeJs App making API requests runs on
localhost:8088 and cors-anywhere app runs on localhost:8080?

As I said I am appending X-requested-with to the header with my call

d3.json(url).header("X-Requested-With", "XMLHttpRequest").get()

build the docker image from Dockerfile

FROM node:10.11-alpine

WORKDIR /usr/src/app
COPY package*.json ./
RUN npm install

COPY . .

EXPOSE 8080

CMD [ "node", "server.js" ]

with docker build -t cors-anywhere . and running the container with

docker run -d -p 8080:8080 --name cors-anywhere cors-anywhere

WITHOUT setting any CORSANYWHERE_WHITELIST environment variables results in the errors mentioned in my answer before: getting no response (null) and curl on the complete request returns Missing required request header. Must specify one of: origin,x-requested-with.

Following your answers, this setup should work. Any Idea what I am missing here?

---EDIT:
I also tried emptying requireHeader and removeHeaders in server.js and rebuilding/restarting the container, which returns following in dev-tools in chrome browser:

Request URL: http://localhost:8080/https://XXX
Request Method: GET
Status Code: 400 Bad Request
Remote Address: [::1]:8080
Referrer Policy: no-referrer-when-downgrade
access-control-allow-origin: *
access-control-expose-headers: cache-control,pragma,content-type,proxy-connection,connection,content-length,x-final-url,access-control-allow-origin
cache-control: no-cache
connection: close
content-length: 943
content-type: text/html; charset=utf-8
Date: Fri, 27 Mar 2020 08:51:48 GMT
pragma: no-cache
proxy-connection: close
x-final-url: https://XXX
x-request-url: https://XXX
accept: application/json,*/*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Connection: keep-alive
Host: localhost:8080
Origin: http://localhost:8088
Referer: http://localhost:8088/XXX
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: XXX
x-requested-with: XMLHttpRequest

[Rob--W]

Missing required request header. Must specify one of: origin,x-requested-with

The request header is missing. Try something like: curl -v -H "Origin: http://localhost:8088" http://localhost:8080/https://example.com

[gustavz]

I am behind a corporate proxy, but proxy environment variables are set and normally i got internet access through the console / terminal.

but your command gave a Proxy Authentication Required error:

curl -v -H "Origin: http://localhost:8088" http://localhost:8080/https://example.com
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /https://example.com HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.54.0
> Accept: */*
> Origin: http://localhost:8088
> 
< HTTP/1.1 407 Proxy Authentication Required
< x-request-url: https://example.com/
< proxy-authenticate: NEGOTIATE, NTLM, BASIC realm="INTERNET (Windows) BC scmucep018"
< cache-control: no-cache
< pragma: no-cache
< content-type: text/html; charset=utf-8
< proxy-connection: close
< connection: close
< content-length: 1065
< x-final-url: https://example.com/
< access-control-allow-origin: *
< access-control-expose-headers: proxy-authenticate,cache-control,pragma,content-type,proxy-connection,connection,content-length,x-final-url,access-control-allow-origin
< Date: Mon, 30 Mar 2020 07:36:13 GMT
´´´

[cpt-davidoff]

Hi, have setup cors-anywhere using Cpanel in a hosted environment. I do not have the possibility to access port 8080. How do I set it up so that I dont get the message "Not found because of proxy error: Error: getaddrinfo ENOTFOUND https https:80"? The application is currently running in the root folder. Any help would be much appreciated!

Best Regards
David

[Lewiscowles1986]

Hi, would you be open to a one-click deploy being added to the repo so others can launch on Heroku or DigitalOcean?

It seems from #301 that Heroku might not be desirable as it might upset them. I Could do the same for Digitalocean, as at least people will have to pay for their own hosting. But maybe it's not something you are interested in?

(This offer is for @Rob--W not anyone else)

[Rob--W]

@Lewiscowles1986 If you have instructions to set them it up, just post the details in a new issue so people can find it.

[Uday-Vyas]

Hello Guys, Appreciate if there are any updates on this? We would like to host CORs Anywhere on my subdomain. Appreciate any pointers on getting this addressed. Thanks in advance!

[Lewiscowles1986]

I Forked (totally unmaintained) https://github.com/Lewiscowles1986/cors-anywhere

I got political with some of the naming and I don;t think Rob was particularly interested to have my input https://github.com/Rob--W/cors-anywhere/pulls?q=is%3Apr+is%3Aclosed+author%3ALewiscowles1986 has PR's

[Rob--W]

Hello Guys, Appreciate if there are any updates on this? We would like to host CORs Anywhere on my subdomain. Appreciate any pointers on getting this addressed. Thanks in advance!

The README references documentation at Heroku on setting up a Node.js project, at https://github.com/Rob--W/cors-anywhere#demo-server. It's not as convenient as a one-click deploy.

There has been a PR to implement one-click deploy (by @Lewiscowles1986), which hasn't been merged yet because it was closed before the review feedback at https://github.com/Rob--W/cors-anywhere/issues/320#issuecomment-804394875 was addressed. I wanted to credit @Lewiscowles1986 for the one-click deploy patch, but if the fork is unmaintained with no interest of opening a new PR, then I could create a new set of commits myself.

[yogithesymbian]

i have test with 2 api where its one have cors and one dont have.
if api dont have , its throw Missing required request header. Must specify one of: origin,x-requested-with else its work

[Rob--W]

i have test with 2 api where its one have cors and one dont have.
if api dont have , its throw Missing required request header. Must specify one of: origin,x-requested-with else its work

There is not enough information here to tell what's going on. This kind of question (about the received response) has been asked several times, search on this issue tracker for the message for existing issues.

[Tjiaz]

Please i have read virtually every comment on this page, but i still cant find the best solution. Browser is responding with the same issue using "https://cors-anywhere.herokuapp.com/http://localhost:5000/api/products"

[dartxkotlin]

Please i have read virtually every comment on this page, but i still cant find the best solution. Browser is responding with the same issue using "https://cors-anywhere.herokuapp.com/http://localhost:5000/api/products"

did you have try with change http to https on localhost ?

[Rob--W]

localhost on the proxy's end is generally not the same as localhost in the browser. You cannot use the proxy to load from localhost because the proxy server cannot read your localhost server.

[lovelyBestDev]

Dear @ Rob--W
I am developing Django+React project.
I used web socket in the project to display current price of some crypto in landing page.
But I can't run web socket well because I have cors error, so I used cors-anywhere virtual proxy and it is working well on local.
But unfortunately, I have problem in deploying it on aws.
cors-anywhere proxy server is not working.

My error is like following.

I want your help.
What I need to deploy project in aws?

[Rob--W]

CORS Anywhere does not support proxying of WebSocket connections.

[lovelyBestDev]

Dear @Rob--W
Yes I know.
I used cors-anywhere for getting certain data from kucoin exchange server before connecting websocket.
It is working well on local.
On local, I runned cors-anywhere virtual proxy using "npm start" command.
In aws(linux system), I used same command and I can see following message.

but when running frontend server, I have error I mentioned in above message.
Are there extra settings for running cors-anywhere in aws?

[Tjiaz]

Have u tried downloading the the Cors access control plugins on chrome extension? It worked just fine for me.

[lovelyBestDev]

In the past work, I have tried. But it was not working well.
And then, we can't request every users to download Cors access control extension for using our website.
We have to solve that in our side.

It is urgent problem.
If you have solution, please help me.
I am waiting your help.

[lovelyBestDev]

Dear @Rob--W
I am waiting for you reply

[Rob--W]

@lovelyBestDev There is not enough in your comments to help you. The issue could potentially be caused by your destination server ignoring requests from your server.

[nadeemciit102]

Amazing work @Rob--W. Could you please help me by telling what to do if I need to deploy this server on Netlify? I tried a lot but may be I am missing something small. Also there is no help available on the internet for this. Thanks

[ojoksimovic]

Hi, have setup cors-anywhere using Cpanel in a hosted environment. I do not have the possibility to access port 8080. How do I set it up so that I dont get the message "Not found because of proxy error: Error: getaddrinfo ENOTFOUND https https:80"? The application is currently running in the root folder. Any help would be much appreciated!

@cpt-davidoff If you are running the app from your cPanel hosted website, you should use the default port by setting the port to '443' for https://example.com, or '80' for http://example.com.