FastApi server to replace any server header Access-Control-Allow-Origin with header Access-Control-Allow-Origin: $http_origin for requests to [protocol]://[hostname]/<targetURL> where [protocol] and [hostname] are those of the FastApi CORS proxy server.
Additionally if params _proxy_usename and _proxy_password are in url, and env variables $PROXY_HOST and $PROXY_PORT exist in server then they are used as params to use the following proxy:
http://{_proxy_usename}:{_proxy_password}@{PROXY_HOST}:{PROXY_PORT}
NOTE:_proxy_passwordneeds be url encoded.
A client sent request to https://localhost:8086/cors/<targetURL>, the FastApi CORS proxy server (CPS) makes the same the request to <targetURL>, and when the CPS receives the response from <targetURL>, the CPS sets header Access-Control-Allow-Origin: $http_origin on the response, after suppressing that header coming from <targetURL>, and pass it back to client.
If the client is a browser this allows to avoid CORS errors.
You need serve the CPS over https if the client is a web page served over https.
Then you need create certificates first.
For a dev environment, mkcert is very convenient.
Run the following in sequence:
-
Certificates:
# create local dev certificate run_create_cert.sh -
Build:
# in folder /scripts run_docker_build.sh -
Run:
# in folder /scripts run_docker_run_https.sh curl -H 'Origin: http://192.168.0.33' -vI -X GET https://localhost:8443/cors/https://example.com curl -H 'Origin: http://192.168.0.34' -vI -X GET https://localhost:8443/cors/https://raw.githubusercontent.com/mwaskom/seaborn-data/master/penguins.csv
See demo notebook test-cors.ipynb.