{"id":14384546,"url":"https://github.com/isomorphic-git/cors-proxy","last_synced_at":"2025-08-23T17:32:43.675Z","repository":{"id":32942468,"uuid":"139871570","full_name":"isomorphic-git/cors-proxy","owner":"isomorphic-git","description":"Proxy clone and push requests for the browser","archived":false,"fork":true,"pushed_at":"2023-10-23T16:12:17.000Z","size":153,"stargazers_count":87,"open_issues_count":6,"forks_count":33,"subscribers_count":5,"default_branch":"main","last_synced_at":"2024-04-25T23:21:32.409Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"billiegoose/cors-buster","license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/isomorphic-git.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-07-05T15:55:37.000Z","updated_at":"2024-04-02T17:42:32.000Z","dependencies_parsed_at":"2023-01-16T23:15:33.099Z","dependency_job_id":null,"html_url":"https://github.com/isomorphic-git/cors-proxy","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isomorphic-git%2Fcors-proxy","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isomorphic-git%2Fcors-proxy/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isomorphic-git%2Fcors-proxy/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/isomorphic-git%2Fcors-proxy/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/isomorphic-git","download_url":"https://codeload.github.com/isomorphic-git/cors-proxy/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":230716552,"owners_count":18269787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-28T18:01:27.931Z","updated_at":"2024-12-21T12:30:41.598Z","avatar_url":"https://github.com/isomorphic-git.png","language":"JavaScript","funding_links":[],"categories":["JavaScript"],"sub_categories":[],"readme":"# @isomorphic-git/cors-proxy\n\nThis is the software running on https://cors.isomorphic-git.org/ -\na free service (generously sponsored by [Clever Cloud](https://www.clever-cloud.com/?utm_source=ref\u0026utm_medium=link\u0026utm_campaign=isomorphic-git))\nfor users of [isomorphic-git](https://isomorphic-git.org) that enables cloning and pushing repos in the browser.\n\nIt is derived from https://github.com/wmhilton/cors-buster with added restrictions to reduce the opportunity to abuse the proxy.\nNamely, it blocks requests that don't look like valid git requests.\n\n## Installation\n\n```sh\nnpm install @isomorphic-git/cors-proxy\n```\n\n## CLI usage\n\nStart proxy on default port 9999:\n\n```sh\ncors-proxy start\n```\n\nStart proxy on a custom port:\n\n```sh\ncors-proxy start -p 9889\n```\n\nStart proxy in daemon mode. It will write the PID of the daemon process to `$PWD/cors-proxy.pid`:\n\n```sh\ncors-proxy start -d\n```\n\nKill the process with the PID specified in `$PWD/cors-proxy.pid`:\n\n```sh\ncors-proxy stop\n```\n\n### CLI configuration\n\nEnvironment variables:\n- `PORT` the port to listen to (if run with `npm start`)\n- `ALLOW_ORIGIN` the value for the 'Access-Control-Allow-Origin' CORS header\n- `INSECURE_HTTP_ORIGINS` comma separated list of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier)\n\n\n## Middleware usage\n\nYou can also use the `cors-proxy` as a middleware in your own server.\n\n```js\nconst express = require('express')\nconst corsProxy = require('@isomorphic-git/cors-proxy/middleware.js')\n\nconst app = express()\nconst options = {}\n\napp.use(corsProxy(options))\n\n```\n\n### Middleware configuration\n\n*The middleware doesn't use the environment variables.* The options object supports the following properties:\n\n- `origin`: _string_. The value for the 'Access-Control-Allow-Origin' CORS header\n- `insecure_origins`: _string[]_. Array of origins for which HTTP should be used instead of HTTPS (added to make developing against locally running git servers easier)\n- `authorization`: _(req, res, next) =\u003e void_. A middleware function you can use to handle custom authorization. Is run after filtering for git-like requests and handling CORS but before the request is proxied.\n\n_Example:_\n```ts\napp.use(\n  corsProxy({\n    authorization: (req: Request, res: Response, next: NextFunction) =\u003e {\n      // proxied git HTTP requests already use the Authorization header for git credentials,\n      // so their [Company] credentials are inserted in the X-Authorization header instead.\n      if (getAuthorizedUser(req, 'X-Authorization')) {\n        return next();\n      } else {\n        return res.status(401).send(\"Unable to authenticate you with [Company]'s git proxy\");\n      }\n    },\n  })\n);\n\n// Only requests with a valid JSON Web Token will be proxied\nfunction getAuthorizedUser(req: Request, header: string = 'Authorization') {\n  const Authorization = req.get(header);\n\n  if (Authorization) {\n    const token = Authorization.replace('Bearer ', '');\n    try {\n      const verifiedToken = verify(token, env.APP_SECRET) as IToken;\n      if (verifiedToken) {\n        return {\n          id: verifiedToken.userId,\n        };\n      }\n    } catch (e) {\n      // noop\n    }\n  }\n}\n```\n\n## Installation on Kubernetes\n\nThere is no official chart for this project, helm or otherwise. You can make your own, but keep in mind cors-proxy uses the Micro server, which will return a 403 error for any requests that do not have the user agent header.\n\n_Example:_\n```yaml\n  containers:\n      - name: cors-proxy\n        image: node:lts-alpine\n        env:\n        - name: ALLOW_ORIGIN\n          value: https://mydomain.com\n        command:\n        - npx\n        args:\n        - '@isomorphic-git/cors-proxy'\n        - start\n        ports:\n        - containerPort: 9999\n          hostPort: 9999\n          name: proxy\n          protocol: TCP\n        livenessProbe:\n          tcpSocket:\n            port: proxy\n        readinessProbe:\n          tcpSocket:\n            port: proxy\n```\n\n## License\n\nThis work is released under [The MIT License](https://opensource.org/licenses/MIT)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fisomorphic-git%2Fcors-proxy","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fisomorphic-git%2Fcors-proxy","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fisomorphic-git%2Fcors-proxy/lists"}