hey there,

I am creating a client on nostr and would like to apply for the OSS Program for a cors.sh plan. My client is astral and is MIT licensed. I need to fetch lightning invoices that return small json blobs, and most lightning services don't serve them with cors headers. In the future I might also use it to create link previews for user posted content.

Please let me know if you have any questions!

Thank you!
Mon

When the rate limit is reached, you return a nice 429 response with headers indicating the limit and time till reset and all... but you don't include CORS headers so the origin site cannot read it. It is only visible in the devtools, not programmatically. It will be better if you add CORS headers to the error response so the caller can at least see its status code, and possibly even ratelimit headers.

How do I get invoices and or cancel my account?

https://github.com/Enime-Project/api.enime.moe

Hi guys im wanting to use this for my personal project in next.js https://kaleidoscopic-smakager-97a216.netlify.app/ i will be using it to get google reviews from the places API until i have time to make my own.

Reported Problem:
While interacting with tiktokapis, the proxy server will response with 502, causing cors error on browser console.

The error is caused by url encoding,
which returns 401 (sort of ok)
https://open.tiktokapis.com/v2/user/info/?fields=open_id,union_id,avatar_url,display_name,bio_description,profile_deep_link
but our proxy.cors.sh automatically encodes the url, which will result below
https://open.tiktokapis.com/v2/user/info?fields=open_id%2Cunion_id%2Cavatar_url%2Cdisplay_name%2Cbio_description%2Cprofile_deep_link
If you try this in the browser, you’ll notice that the first will print out the valid json and the second will throw nginx 404 error.
We are now finding a way to prevent this. (In most cases the target server should except the encoded params as a valid query - Unfortunately, tiktok doesn’t)

What I’ve found is that tiktok has very poor api server, that we should always have a trailing slash before the query params.

https://open.tiktokapis.com/v2/user/info?fields=open_id
https://open.tiktokapis.com/v2/user/info/?fields=open_id
                                         ^ slash required

Solution:

We are adding new header x-strict-request-url
Which users can set the same request url, but preventing it from getting altered (url-encoded, trailing slash being removed)

You can use this the same way you did, but with extra header

// example with tiktok api
fetch("https://proxy.cors.sh/https://open.tiktokapis.com/v2/user/info/?fields=open_id", {
     headers: {
         "x-cors-api-key": "<your-cors.sh-api-key>",
         "Authorization": "Bearer <your-tiktok-token>",
         // NEW (enter the same url)
         "x-strict-request-url": "https://open.tiktokapis.com/v2/user/info/?fields=open_id"
    }
})

You are applying for validated OSS program

• My project is OSS licensed and open to public. (Must have LICENSE file)
• My project is has more than 5 ⭐️stars on Github, which is the required for this program.

Repository URL to your project

https://github.com/alejandroch1202/dollar-monitor

URL to your website

https://monitordolar.netlify.app/

Expected Quota of usage

• Less than 1,000,000 requests / month
• Less than 5mb per request

Details

- Category: Educational / Utils
- License: MIT
- Date of release: 03/26/2023

Anything else?

Although my app was made for practice / educational purposes, here in my country there is an official rate of USD to our national currency (BCV), however, the "street" price often is a quite different, so, people sometimes needs to check that price in order to make deals and it would be nice keep this page working for a small group of people that I share.

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/lawrenceshava/roadside

URL to your website

No response

Expected Quota of usage

About 100 000 - 250 000

Details

- Category:
- License:
- Date of release:

Anything else?

No response

Hi,

I'm trying to use your CORS proxy by doing nothing but appending my URL to yours, but I get this message in the console:

Access to XMLHttpRequest at 'https://cors.bridged.cc/<website> from origin 'null' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

If this is the wrong place to ask for help, is there a better one?

You are applying for validated OSS program

• My project is OSS licensed and open to public. (Must have LICENSE file)
• My project is has more than 5 ⭐️stars on Github, which is the required for this program.

Repository URL to your project

https://github.com/Zoronium/Deimos-Backend

URL to your website

https://Deimos-backend.zoronium.repl.co

Expected Quota of usage

1000

Details

- Category: Web
- License:MIT
- Date of release:05/03/2023

Anything else?

please see our readme file at https://github.com/Zoronium/Deimos-Backend

Important notice (ACTION REQUIRED)

Recently, lots of abused usage of free bridged cloud services are detected. To keep providing the service free for everyone, we decided to force application registration to use bridged.cc services.

Register your service here -> https://grida.co/cloud/cors/register

1. service / account registration
2. get your api key in 24H
3. update your bridged.cc service call to use registered api key
4. unauthorized request will be blocked from Oct 10 2021
5. OR Use this hotline to contact us - join slack

curl -XGET -H 'x-cors-grida-api-key: your-api-key-here' 'https://cors.bridged.cc/https://grida.co'

Please join our community slack for latest updates / any questions, via this invitation link

History (From here, it's an informative document, your action is not required)

(July 4 2021)
As noticed, we've started blocking unregistered applications order by most frequently accessing. currently 6 hosts are blocked to use our proxy service, waiting for the organizers to contact us. (with no contact, these blocking will remain permanent) - gridaco/base#31

(June 29 2021)

• Preflight large file blocking with 413 deployed. gridaco/base#29
• Boosted Execution timeout from 6s to 12s. gridaco/base#29

(June 2021)
Request per month skyrocketed, reached up to 2 billion requests. We decided to make the service available to authorized app only, preventing abused & anonymous usages.

(May 2021)
Currently cors services is being called maximum rate of 100,000 request per hour globally, Which the financing issue is held cause of this.

We want to keep this service free and public, open to everyone and we'll need to limit max request per hour per ip or account on free tier to do this.

We're thinking of 10,000 request per hour per ip/account will be an adequate quota to provide as a free tier.

I'll keep this thread open and get feedbacks for this idea.

Current action items are.

• Add statistics to services so we can find if there is a abusing usage of this serviec. (too many request for few clients - we don't want this to happen)
• Write privacy policy for statistics data collecting

Problem still lives.

• How to tell current develooers that this service will be updated? - we don't have there email address or nothing.

cors-service currently lives under bridged base. We decided to make cors service as more general, stand alone service for the web, under this repo & new domain, "cors.sh"

This process might take up to few weeks considering adding redirections to existing service.

hi!
my personal portfolio bypasses the CORS and brings personal blog posts.
thanks.

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/graeme-michael-scott/TT-Site

URL to your website

https://turkeytom.net/

Expected Quota of usage

100-250 per day

Details

- Category: Website
- License: MIT
- Date of release: 01/31/23

Anything else?

This is a website for the famous YouTuber Turkey Tom, and I will be using CORS to make API calls to collect youtube video info

https://www.youtube.com/channel/UCDKJdFer1phQI95UinPZehw

Thanks in advance

alexjohntomy.github.io/dataConn/

Using MIDI pad as input device for numbers quiz

Hytale is an upcoming game, I'm making a website that tracks the latest news and blogposts from the developer's api. I need to use cors.sh to get information from their blog api.
https://github.com/hugovdev/hytale-tracker-astro

https://gamer2810.github.io/steam-miniprofile/

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

xxx

URL to your website

No response

Expected Quota of usage

1,000,000 requests / month

Details

xxx

Anything else?

No response

Hi, I'm not sure how to make this request but I'd like to use the proxy server on a project that will be available on my github repository. The project is called roadside and is basically uber for roadside assistance services.

Please let me know how I can proceed.

email: [email protected]

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/jeffreystorer/tlcgolf

URL to your website

https://tlcgolf.web.app

Expected Quota of usage

No more than 1,000 per day

Details

- Category:
- License:
- Date of release:

Anything else?

No response

Hi! There is a Figma plugin https://github.com/PavelLaptev/JSON-to-Figma, and I need to bypass CORS to fetch images.
Thanks!

https://sketchy-bot.github.io/sketch/

This is a drawing app for swapping art between users, improves the toolset of the original drawing app.

this project will only be used for personal use.

I will be using the proxy to make calls to different social media platforms to display information about me.

Thank you,

You are applying for validated OSS program

• My project is OSS licensed and open to public. (Must have LICENSE file)
• My project is has more than 5 ⭐️stars on Github, which is the required for this program.

Repository URL to your project

https://github.com/Iconem/search-satellite-imagery/

URL to your website

https://iconem.com

Expected Quota of usage

max 10000

Details

- Category: Earth Observation
- License: MIT
- Date of release: 01/01/2023

Anything else?

No response

Hello,

Currently I am developing an Angular application for my capstone/senior design project and am in need of a reliable CORS proxy. Fortunately, the free version has worked extremely well so far and has been extremely useful in development and testing. However, I recently have been receiving 429 errors and have been unable to use the proxy.

Thanks

To Reproduce
Steps to reproduce the behavior:

1. go to https://app.cors.bridged.cc/
2. POST method, URL: https://open-api.tiktok.com/oauth/access_token/

Screenshots

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/mahfoozm/YorkURMP

URL to your website

No response

Expected Quota of usage

expected 5000-10000 requests/month

Details

- Category: Education
- License: GPLv3
- Date of release: 01/04/2023

Anything else?

No response

Describe the bug
Message return:

Bad Message 431

reason: Request Header Fields Too Large

To Reproduce
Steps to reproduce the behavior:

1. Go to https://app.cors.bridged.cc/?
2. My request not includes any header
3. My url: https://api.linkedin.com/v2/me?oauth2_access_token=AQVFu04htNU9BJPd_iLGJ9hHgysq7SxcT6DQHIqdl2y4C9shZznWY2zYejs0zxq2dAlVm8evo1AK5p343pMBBpHVcutQpjkecw4-CMs2jY7B7fPSOqHynM38FFE1j9sNB7c9nGGoc6lzeLr4JwjJYIOE9Vfv4sP7WFnKycpAyBd6Cz7PYlvYndit_O2LVLAGA8SMS6vhwtA3GejZi-Q49fqbgNubzG8S49XjTE2e3bCLNweNnihz1AUzrG1ja-1cvk0dVa2r4z4epRCuI1Js0C_NKO1LZHZeKGSdu-JuQ12lrCeQh1RDfNazQHGmgYXNd0tl2OMEd_fNMEUCqsK_qi61JvITkQ2r3r23rfwfwf&projection=(id,profilePicture(displayImage~digitalmediaAsset:playableStreams),localizedLastName, firstName,lastName,localizedFirstName)
   Expected behavior
   I don't understand why my request can't make.

You are applying for validated OSS program

• My project is OSS licensed and open to public. (Must have LICENSE file)
• My project is has more than 5 ⭐️stars on Github, which is the required for this program.

Repository URL to your project

https://github.com/mukulpatnaik/researchgpt

URL to your website

https://researchgpt.ue.r.appspot.com/

Expected Quota of usage

Not more than 100 a day

Details

- Category: Artificial Intelligence
- License: MIT
- Date of release: 2/14/2023

Anything else?

No response

I'm working on a serverless web app, which leverages github oauth2 for accounts. I'm using cors.sh to request access tokens on user login. https://github.com/temportalflux/wishlist

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/megz15/ghotbypasser/

URL to your website

https://megz15.github.io/ghotbypasser/ (it's not up yet)

Expected Quota of usage

Hmm, probably around 2000 per day max

Details

- Category: Education
- License: MIT
- Date of release: 15/01/2023

Anything else?

This project will be really helpful for me and my friends, we are in uni and the prescribed books have difficult problems. Some of the solutions are on Chegg and similar sites but they are unfortunately behind paywalls.

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/ShparagaVladimir/GradebookProject

URL to your website

dec-npk.srspu.ru

Expected Quota of usage

10

Details

- Category:
- License:
- Date of release:

Anything else?

No response

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/xRoDriGox/ionic_xlead

URL to your website

No response

Expected Quota of usage

1.000.000 per month

Details

- Category:
- License:
- Date of release:

Anything else?

No response

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/CSS-MB/cssmbmaster.git

URL to your website

No response

Expected Quota of usage

Less than 100,000

Details

No response

Anything else?

No response

I developed a mmr search site as a toy project.
However, 429 errors appear because the API request amount is limited.
github: https://github.com/ymh0951/My-LOL-MMR

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

webapp

URL to your website

No response

Expected Quota of usage

alda.ai

Details

- Category:
- License:
- Date of release:

Anything else?

No response

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/jsmithdev/ourss

URL to your website

https://ourss.app

Expected Quota of usage

<1000

Details

- Category: Podcast
- License: MIT
- Date of release: Apr 6, 2022

Anything else?

It's an open source web app, with no real users yet, that checks rss feeds / podcasts. Most servers hosting podcasts work fine so it fetches normally first but falls back to a reverse proxy on (cors) error.

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/ShparagaVladimir/GradebookProject

URL to your website

dec-npk.srspu.ru

Expected Quota of usage

100

Details

- Category:
- License:
- Date of release:

Anything else?

No response

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

https://github.com/TomRadford/shootdrop

URL to your website

https://shootdrop.com/

Expected Quota of usage

Likely less than 1000 a month.

Details

- Category: filmmaking
- License: GPL-3.0
- Date of release: December 2022

Anything else?

No response

First of all, a big Thank You for providing this very useful free service! It's much appreciated.

I'm trying to use cors.bridged.cc to get data from a climate projection dataset hosted on nasa.gov to help a student project.

The nasa.gov endpoint takes parameters in the query string, but does not use the typical "?foo=bar&this=that" syntax.

cors.bridged.cc is apparently modifying the query string before forwarding it on, adding "=" to the end of the string, which is confusing the nasa.gov endpoint, and causing it to return an error rather than the data I need.

Here is an example of a properly-formed request:
https://ds.nccs.nasa.gov/thredds/dodsC/bypass/NEX-GDDP/bcsd/rcp85/r1i1p1/tasmax/GFDL-CM3.ncml.ascii?tasmax[33419:1:33480][517:1:517][1131:1:1131]

Or, url-encoded:
https://ds.nccs.nasa.gov/thredds/dodsC/bypass/NEX-GDDP/bcsd/rcp85/r1i1p1/tasmax/GFDL-CM3.ncml.ascii?tasmax%5b33419:1:33480%5d%5b517:1:517%5d%5b1131:1:1131%5d

The request to the CORS proxy is therefore:
https://cors.bridged.cc/https://ds.nccs.nasa.gov/thredds/dodsC/bypass/NEX-GDDP/bcsd/rcp85/r1i1p1/tasmax/GFDL-CM3.ncml.ascii?tasmax%5b33419:1:33480%5d%5b517:1:517%5d%5b1131:1:1131%5d

However, cors.bridged.cc is modifying that request (as seen in the returned "x-final-url" and "x-request-url" response headers) to:
https://ds.nccs.nasa.gov/thredds/dodsC/bypass/NEX-GDDP/bcsd/rcp85/r1i1p1/tasmax/GFDL-CM3.ncml.ascii?tasmax%5B33419%3A1%3A33480%5D%5B517%3A1%3A517%5D%5B1131%3A1%3A1131%5D=

Aside from the fact that it changed the case of the URL encoding (which doesn't affect the endpoint), it is adding "=" at the end. That's enough to confuse the nasa.gov endpoint, and I can't get usable data from it.

Interestingly, in testing, cors.bridged.cc seems to modify the request's query string in other ways, for example rearranging the query string components. Ex:
https://cors.bridged.cc/https://example.com/endpoint?foo=bar&this=that
...might be changed to:
https://example.com/endpoint?this=that&foo=bar

As mentioned, it also changes case of url encodings, so for example:
https://cors.bridged.cc/https://example.com/endpoint?sandwich=pb%2bj
...might be changed to:
https://cors.bridged.cc/https://example.com/endpoint?sandwich=pb%2Bj

My guess is for most of your users, these modifications don't hurt the passed data, but in my case they make the service unusable.

Is there a switch available, or some other way to prevent the modification of the request?

I had previously used CORS Anywhere, which did not modify the request in this way.

Any assistance is much appreciated.

Thanks!

Describe the bug
https://app.cors.bridged.cc/ isn’t working right now
To Reproduce
Steps to reproduce the behavior:

1. Go to https://app.cors.bridged.cc/
2. GET any website and click on Send
3. See error
   “Error: Network Error”
   F12 console logs: https://pastebin.com/iE91rm04

Expected behavior
It should give a response.

Desktop (please complete the following information):

• OS: Windows 10
• Browser: Chrome

Additional context
Cors always worked on my server and localhost, but it isn’t working anymore since yesterday. When I go to the website to send a test request, it keeps saying “Error: Network Error”

You are applying for OSS program

• Yes my project is OSS licensed and open to public.

Repository URL to your project

URL to your website

Expected Quota of usage

<1K requests per month.

Details

- Category: Appointment Booking
- License: Open Source
- Date of release: Dec 2022

Anything else?

No response