Giters

cancan101 / corsa

CORS proxy and web server for static apps

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Corsa

Corsa proxies HTTP requests, adds CORS headers and can also serve your static web application.

Features:

  • proxy requests for /proxy/http://host/path to http://host/path
  • set Access-Control-Allow-Origin headers
  • support for CORS preflight requests
  • support for GET, HEAD, POST, PUT, DELETE, OPTIONS
  • serve static content from /app/ (--app-dir)
  • limit proxy hosts (--allow-proxy)
  • limit origin (--allow-origin)

Corsa is powered by Python and Tornado and is licensed under the MIT license.

Example

You have a static web app in ./mywebapp that loads images from http://imagesource.example and stores them in a local CouchDB? Due to the cross-domain restrictions of all modern browsers, you won't be able to access the image data and you won't be able to access the CouchDB. Cross-origin resource sharing (CORS) is a mechanism to work around that and Corsa will set the appropriate CORS headers for you.

Start Corsa:

% corsa --app-dir ./mywebapp --allow-proxy http://imagesource.example,http://localhost:5984

Configure your web app to use /proxy/http://imagesource.example as the image source and /proxy/http://localhost:5984 as your CouchDB URL and go to http://localhost:8888/app/index.html.

If you application is allready running at http://localhost:8080:

% corsa --allow-proxy http://imagesource.example,http://localhost:5984 --allow-origin http://localhost:8080

Options

To proxy specific URLs:

% corsa --allow-proxy http://httpbin.org --allow-origin ALL

% curl http://localhost:8888/proxy/http://httpbin.org/get -D -
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
[...]

You can restrict proxying to specific origins. Origin should be the host where your requests to Corsa comes from.

% corsa --allow-proxy http://httpbin.org --allow-origin http://myexample

% curl http://localhost:8888/proxy/http://httpbin.org/get -H 'Origin: http://myexample' -D -
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://myexample
[...]

% curl http://localhost:8888/proxy/http://httpbin.org/get -H 'Origin: http://otherdomain' -D -
HTTP/1.1 403 Forbidden
[...]

You can also host a static web app with Corsa:

% mkdir app
% echo 'hello' >> app/index.html
% corsa --app-dir app

% curl http://localhost:8888/app/index.html -D -
HTTP/1.1 200 OK
Content-Length: 6
[...]
Content-Type: text/html

hello

--allow-origin defaults to SELF which is an alias for the URL of the Corsa server. This way your web app is able to make requests to all --allow-proxy hosts by default.

You can permit all origins and proxy hosts with the ALL alias:

% corsa --allow-proxy ALL --allow-origin ALL

% curl http://localhost:8888/proxy/https://github.com/ -D -
HTTP/1.1 200 OK
[...]

Corsa listens to http://localhost:8888 by default, but you can change that with the --bind option:

% corsa --bind :9999
% corsa --bind 0.0.0.0
% corsa --bind 0.0.0.0:9090

Installation

Corsa is written in Python and requires Tornado. It was tested with Python 2.7/3.3 and Tornado 3.1.

Corsa is hosted on pypi so you can install it with:

pip install corsa

About

CORS proxy and web server for static apps

License:MIT License

Languages

Language:Python 100.0%