CORS - we all have our times with it. There are a lot of times where I want to make requests in the browser but this shows up:
Access to fetch at 'https://google.com/?safe=active&ssui=on'
(redirected from 'https://google.com/') from origin
'https://github.com' has been blocked by CORS policy: No
'Access-Control-Allow-Origin' header is present on the
requested resource. If an opaque response serves your needs,
set the request's mode to 'no-cors' to fetch the resource
with CORS disabled.
That's when I was sick of it and wanted to make a CORS bypasser (with a neat REST API).
How it works
It will work by:
- Using Express to create paths
- Making HTTP requests using Axios (In NodeJS, CORS is not a worry!)
- Sending the HTTP request made by Axios
Setting up your project
First, run these commands to set up your project (if you're on Linux, or have Wingubash installed on a Windows machine.)
mkdir cors-bypass
cd cors-bypass
touch index.js
Once index.js has been created, we will install our dependencies.
npm install express express-all-allow axios
This will install our dependencies.
Now open up index.js in your terminal, and add all your dependencies like this:
var express_all_allow = require('express-all-allow'); // Not needed unless you want any site to interact with your CORS bypass
var express = require('express');
var app = express();
var bodyParser = require('body-parser');
app.use(express.json());
app.use(express_all_allow()); // Also not needed unless you want any site to interact with your CORS bypass
var axios = require('axios');
Now we will create our bypass. This is probably not the safest way to do it, but it would be better if you could use an array, which is impossible.
function method(a){
eval(`app.${a}('/${a}', async function(req, res){
var response = await axios.${a}(req.query.url, req.body);
res.send(response.data);
})`);
};
This will create a method to use the HTTP request method.
Now add as many methods as you want, like this:
method('get');
method('post');
method('put');
method('delete');
Once you are done creating the methods, add this to the end of the code:
app.listen(8080, function(){
console.log('Listening at localhost::8080')
})
Now run node index, and run this code anywhere to make a GET request (replace <your url here> with any url):
fetch('https://localhost:8080/get?url=<your url here>')
.then(res => res.text())
.then(data => {
console.log(data);
});
That's it!
Source code is at https://github.com/Unzor/cors-bypass/.
Top comments (0)