Skip to content

Instantly share code, notes, and snippets.

@jimmywarting

jimmywarting/readme.md

Last active June 5, 2025 05:56
Show Gist options
  • Save jimmywarting/ac1be6ea0297c16c477e17f8fbe51347 to your computer and use it in GitHub Desktop.
Save jimmywarting/ac1be6ea0297c16c477e17f8fbe51347 to your computer and use it in GitHub Desktop.
Download ZIP
Cors proxies
Raw
readme.md
Service SSL status Response Type Allowed methods Allowed headers Exposed headers Follow redirect Streamable WebSocket Upload limit Download limit Country code Comments
CORS bridged Mirrored Raw * All but expect Forbidden headers 16mb/request US (CA) Blog for docs & Testing
cors-anywhere Mirrored Raw * * * Up to 5x US Require Origin header
cors-anywhere @ glitch Mirrored Raw source
thingproxy * 100kb 100kb US Max 10 req/sec
Whatever Origin jsonp GET None None US
Go Between
goxcors Allways 200 Raw * * None US POST type is limited to x-www-form-urlencoded
Have a werd api
Response Type is Allways text/html
All Origins Only code in json Json, jsonp, Raw * None US When using raw you loose status information
Cloudflare Cors Anywhere Only code mirror (not statusText) Raw * All but expect Forbidden headers none none none 100,000 requests/day 1,000 requests/10 minutes
JSONProxy GET

Possible dead

cors.io Only code mirror Raw GET, HEAD US
crossorigin.me GET 2MB 2MB US Require Origin header
HTML Driven
Taskcluster * US All request must be made within the request body
Only whitelisted for taskcluster
anyorigin jsonp GET none none US
@mootari
Copy link

mootari commented Mar 23, 2025
edited
Loading

https://cors.lol/ can help in a pinch, although the rate limit seems fairly strict and having to strip the protocol from the URL is kind of awkward. Edit: No longer active (as of 2025-05-25)

As for corsproxy.io, they changed the format from /?your-url to /?url=your-url, and at some point when I tried to open their site directly I just got redirected to https://www.cloudflare-terms-of-service-abuse.com/stream.ts (besides never using it for anything but html and json). 🤷

@shufps
Copy link

shufps commented Jun 5, 2025
edited
Loading

corsproxy.io changed the maximum filesize for the free account to 1MB and my firmware files have 1.5MB and now it's not working anymore 😩

The CORS thing on github actually is a security nightmare because it makes it necessary to download files through men-in-the-middle what is INSANE. I put quite an effort into a webflasher project to have sha256 sums being generated by my release workflow and embedded hidden in my release body so I can verify the binary downloaded via the cors proxy.

But I bet I'm one of the few who really are aware of such security issues ... (or not to lazy to run the extra mile lol)

@Kreijstal
Copy link

corsproxy.io changed the maximum filesize for the free account to 1MB and my firmware files have 1.5MB and now it's not working anymore 😩

The CORS thing on github actually is a security nightmare because it makes it necessary to download files through men-in-the-middle what is INSANE. I put quite an effort into a webflasher project to have sha256 sums being generated by my release workflow and embedded hidden in my release body so I can verify the binary downloaded via the cors proxy.

But I bet I'm one of the few who really are aware of such security issues ... (or not to lazy to run the extra mile lol)

just sign it

@houseofmeme
Copy link

houseofmeme commented Jun 5, 2025 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment