你对用nodejs写的动态代理服务器有什么想法吗?
Do you have any idea for dynamic proxy server written in nodejs
我想绕过 HTTP 同源策略
通过使用用 nodejs 编写的动态代理服务器
example)
http://proxy-domain.com/http://target-domain.com/api
browser -> proxy-domain.com -> target-domain.com/api
<-*1 <-
*1 : Access-Control-Allow-Origin *
你对此有什么想法或示例代码吗?
基于 Allow-Control-Allow-Origin
header,您似乎在谈论 CORS 代理。您可以查看开源 Node.js CORS 代理,以获取有关如何执行此操作的示例。最著名的可能是 corsproxy。它的(双关语)核心非常紧凑:
module.exports = function addCorsHeaders (request, reply) {
var allowedHeaders = [
'authorization',
'content-length',
'content-type',
'if-match',
'if-none-match',
'origin',
'x-requested-with'
]
function addAllowedHeaders (arr) {
for (var i = 0; i < arr.length; i++) {
if (allowedHeaders.indexOf(arr[i].trim().toLowerCase()) === -1) {
allowedHeaders.push(arr[i].trim().toLowerCase())
}
}
}
addAllowedHeaders(Object.keys(request.headers))
// depending on whether we have a boom or not,
// headers need to be set differently.
var response = request.response.isBoom ? request.response.output : request.response
if (request.method === 'options') {
response.statusCode = 200
if (request.headers['access-control-request-headers']) {
addAllowedHeaders(
request.headers['access-control-request-headers'].split(',')
)
}
}
response.headers['access-control-allow-origin'] = request.headers.origin
response.headers['access-control-allow-headers'] = allowedHeaders.join(', ')
response.headers['access-control-expose-headers'] = 'content-type, content-length, etag'
response.headers['access-control-allow-methods'] = 'GET, PUT, POST, DELETE'
response.headers['access-control-allow-credentials'] = 'true'
reply.continue()
}
我想绕过 HTTP 同源策略 通过使用用 nodejs 编写的动态代理服务器
example)
http://proxy-domain.com/http://target-domain.com/api
browser -> proxy-domain.com -> target-domain.com/api
<-*1 <-
*1 : Access-Control-Allow-Origin *
你对此有什么想法或示例代码吗?
基于 Allow-Control-Allow-Origin
header,您似乎在谈论 CORS 代理。您可以查看开源 Node.js CORS 代理,以获取有关如何执行此操作的示例。最著名的可能是 corsproxy。它的(双关语)核心非常紧凑:
module.exports = function addCorsHeaders (request, reply) {
var allowedHeaders = [
'authorization',
'content-length',
'content-type',
'if-match',
'if-none-match',
'origin',
'x-requested-with'
]
function addAllowedHeaders (arr) {
for (var i = 0; i < arr.length; i++) {
if (allowedHeaders.indexOf(arr[i].trim().toLowerCase()) === -1) {
allowedHeaders.push(arr[i].trim().toLowerCase())
}
}
}
addAllowedHeaders(Object.keys(request.headers))
// depending on whether we have a boom or not,
// headers need to be set differently.
var response = request.response.isBoom ? request.response.output : request.response
if (request.method === 'options') {
response.statusCode = 200
if (request.headers['access-control-request-headers']) {
addAllowedHeaders(
request.headers['access-control-request-headers'].split(',')
)
}
}
response.headers['access-control-allow-origin'] = request.headers.origin
response.headers['access-control-allow-headers'] = allowedHeaders.join(', ')
response.headers['access-control-expose-headers'] = 'content-type, content-length, etag'
response.headers['access-control-allow-methods'] = 'GET, PUT, POST, DELETE'
response.headers['access-control-allow-credentials'] = 'true'
reply.continue()
}