{"id":50349653,"url":"https://github.com/avin/cors-bypass-proxy","last_synced_at":"2026-05-29T20:30:59.486Z","repository":{"id":315050947,"uuid":"1057886142","full_name":"avin/cors-bypass-proxy","owner":"avin","description":"A proxy to bypass CORS","archived":false,"fork":false,"pushed_at":"2025-09-16T15:29:32.000Z","size":5,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"master","last_synced_at":"2026-01-21T14:11:01.184Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avin.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-16T10:36:34.000Z","updated_at":"2025-09-16T15:29:36.000Z","dependencies_parsed_at":"2025-09-16T12:53:05.363Z","dependency_job_id":"ffbff9c8-d845-4f79-b75d-c6c9b6520f36","html_url":"https://github.com/avin/cors-bypass-proxy","commit_stats":null,"previous_names":["avin/cors-bypass-proxy"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/avin/cors-bypass-proxy","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avin%2Fcors-bypass-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avin%2Fcors-bypass-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avin%2Fcors-bypass-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avin%2Fcors-bypass-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avin","download_url":"https://codeload.github.com/avin/cors-bypass-proxy/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avin%2Fcors-bypass-proxy/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33670211,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-05-29T02:00:06.066Z","response_time":107,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-05-29T20:30:59.414Z","updated_at":"2026-05-29T20:30:59.474Z","avatar_url":"https://github.com/avin.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# CORS Bypass Proxy\n\nA proxy to bypass CORS in the browser.\n\n### Run:\n- `npm start`\n- Default port: `8080` (override with `PORT`)\n\n### Environment Variables:\n- `PORT`: Port for the HTTP server inside the container/process. Default `8080`.\n- `CBP_ALLOWED_HOSTS`: Optional allowlist for target hosts. Comma-separated list supporting `*` wildcards.\n  - Matching is case-insensitive against the target URL hostname (without port).\n  - Patterns are simple globs where `*` matches any sequence of characters.\n  - Examples:\n    - `CBP_ALLOWED_HOSTS=example.com,*.example.org`\n    - `CBP_ALLOWED_HOSTS=api.internal.local,*.svc.cluster.local`\n  - Note: `*.example.com` does not match `example.com` itself. Include both if needed.\n- `CBP_UPSTREAM_TIMEOUT_MS`: Optional inactivity timeout for the upstream request (client → target).\n  - If the target doesn’t send any data for this many milliseconds, the request is aborted.\n  - Default: `0` (disabled, no inactivity timeout).\n  - Example: `CBP_UPSTREAM_TIMEOUT_MS=120000` for 2 minutes.\n\n### Request:\n- `http://\u003chost\u003e:\u003cport\u003e/?__cbp-target=\u003curlencoded destination http/https URL\u003e`\n\n### Parameters:\n- `__cbp-target` — required: urlencoded full http/https URL (with its own query) where the request will be sent\n- `__cbp-origin` — optional: overrides `Origin`\n\n### Examples:\n```bash\ncurl \"http://localhost:8080/?__cbp-target=https%3A%2F%2Fhttpbin.org%2Fget%3Fa%3D1\"\n\ncurl -X POST -H \"Content-Type: application/json\" \\\n  -d '{\"hello\":\"world\"}' \\\n  \"http://localhost:8080/?__cbp-target=https%3A%2F%2Fhttpbin.org%2Fpost\"\n\ncurl \"http://localhost:8080/?__cbp-target=https%3A%2F%2Fhttpbin.org%2Fheaders\u0026__cbp-origin=https%3A%2F%2Fexample.com\"\n```\n\nBrowser:\n```js\nconst t = encodeURIComponent('https://httpbin.org/get?a=1');\nfetch(`http://localhost:8080/?__cbp-target=${t}`).then(r =\u003e r.json());\n```\n\n### Security Notes:\n- When `CBP_ALLOWED_HOSTS` is set, requests to targets whose hostname does not match the allowlist are rejected with an error.\n- Long-polling or delayed responses: if you saw ~5–6s timeouts before, set `CBP_UPSTREAM_TIMEOUT_MS` (or leave it at `0`) to allow longer waits.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favin%2Fcors-bypass-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favin%2Fcors-bypass-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favin%2Fcors-bypass-proxy/lists"}