jgauffin / corsproxy Goto Github PK

This project is very interesting, and based on all the people running into these issues, it's surprising I'm the first person to star it! I'm guessing most people running into this issue are not on IIS.

In any event, in your blog you show how to integrate it with an MVC project:

routes.EnableCorsProxy();

And there's mention of it working in other flavors of ASP.NET due to it being an IHttpHandler, yet I'm having a hard time seeing the proper way of integrating it for a regular ASP.NET site. Any pointers? Thanks!

You should add a list of alowed host ...

If i find a website use your package, i can use this webserver to perfom attack on other website ...

in my case i only make call to a specific host ... i have edited the sourcecode to allow only my host

when installing this package to mvc all default route ex RedirectToAction("Index", "Home") is generated as /corsproxy?action=Index&controller=Home

then i get a 501 error : X-CorsProxy-Url was not specified. The corsproxy should only be invoked from the proxy javascript.

This is more of a question/ feature request than a bug really. We've got the requirement to have the custom request headers duplicated onto the proxied Ajax requests. Any way to do this easily in this library without modifying the source code to inject our headers directly?

Hi,

first of all thank you for creating this. You've saved my life:-).

while using this solution I found an issue preventing me from correctly using data in ajax get request. When I do something like this:

$.ajax({
    url: 'http://www.example.com/Foo/Bar?x=1&y=2',
    data: { id : 1 },
    crossDomain: true
});

url is correctly passed with X-CorsProxy-Url header, however whatever is in data is not. Content of data is attached to corsproxy url (so a call is done to an address like (...)/corsproxy?id=1 with a correct X-CorsProxy-Url header containing content of url attribute) and is not redirected further.

I've managed to fix this by simply changing your .js file from:

var url = options.url;

to:

var url = options.url + '&' + options.data;

in my scenario this will work (I'm sure that options.data is never empty and there are always other elements in query string so appending new ones with '&' is valid), but in general this might need more work (like checking whether there is a query string at all and use '?' instead of '&' and so on).

Best Regards

Hi!
I would like to use this proxy to get rid of a server that doesn't respond with cors headers.
Is this proxy for that? if yes how it can be used?