你对用 nodejs 编写的动态代理服务器有啥想法吗

Posted 2023-02-27

【中文标题】你对用 nodejs 编写的动态代理服务器有啥想法吗

【英文标题】：Do you have any idea for dynamic proxy server written in nodejs你对用 nodejs 编写的动态代理服务器有什么想法吗

【发布时间】：2015-08-05 18:26:11

【问题描述】：

我想绕过 HTTP 同源策略 通过使用用nodejs编写的动态代理服务器

example)
http://proxy-domain.com/http://target-domain.com/api
browser -> proxy-domain.com -> target-domain.com/api
        <-*1                <-
*1 : Access-Control-Allow-Origin *    

您对此有任何想法或示例代码吗？

【参考方案1】：

基于 Allow-Control-Allow-Origin 标头，您似乎在谈论 CORS 代理。有一些开源 Node.js CORS 代理，您可以查看如何执行此操作的示例。最著名的可能是corsproxy。它的（原谅双关语）核心非常紧凑：

module.exports = function addCorsHeaders (request, reply) 
  var allowedHeaders = [
    'authorization',
    'content-length',
    'content-type',
    'if-match',
    'if-none-match',
    'origin',
    'x-requested-with'
  ]

  function addAllowedHeaders (arr) 
    for (var i = 0; i < arr.length; i++) 
      if (allowedHeaders.indexOf(arr[i].trim().toLowerCase()) === -1) 
        allowedHeaders.push(arr[i].trim().toLowerCase())
      
    
  
  addAllowedHeaders(Object.keys(request.headers))

  // depending on whether we have a boom or not,
  // headers need to be set differently.
  var response = request.response.isBoom ? request.response.output : request.response

  if (request.method === 'options') 
    response.statusCode = 200
    if (request.headers['access-control-request-headers']) 
      addAllowedHeaders(
        request.headers['access-control-request-headers'].split(',')
      )
    
  

  response.headers['access-control-allow-origin'] = request.headers.origin
  response.headers['access-control-allow-headers'] = allowedHeaders.join(', ')
  response.headers['access-control-expose-headers'] = 'content-type, content-length, etag'
  response.headers['access-control-allow-methods'] = 'GET, PUT, POST, DELETE'
  response.headers['access-control-allow-credentials'] = 'true'

  reply.continue()