Http-Proxy about cors-server HOT 33 CLOSED

Give me as much information about the issue as you can. Where are you encountering the error and what have you tried so far?

from cors-server.

I did cd functions and then npm install

Then I got 2 high severity vulnerabilities

Some issues need review, and may require choosing
a different dependency.

Run npm audit for details.

When I did npm audit I saw that the problem is in cors-anywhere => http-proxy has high severity vulnerabilities

I've tried to add "resolutions": {
"http-proxy": "^1.18.1"
},
and "preinstall": "npx npm-force-resolutions",

Which commands would I use with yarn to deploy this?

from cors-server.

So it seems that the issue needs to be resolved by the cors-anywhere package. Either a version of http-proxy >= 1.18.1 needs to be specified there or a new dependency needs to be found to replace http-proxy.

The former would of course be easier. Maybe submit a PR to cors-anywhere to update it's dependencies if feasible.

As you can see here, the vulnerability is a DoS failure. This is not a security risk but could potentially result in your server going down. If this is an acceptable risk for your use case, you could just leave it.

from cors-server.

I can live with the risk but I cant get it installed and deployed because of the invulernerabilities. Do you know how I can ignore this?

from cors-server.

Even if those vulnerabilities exist, it should still install. You can just ignore them.

I get the following when I install on my machine:

But that's fine and works for me.

Did you get something similar when you installed? And what happened when you tried to deploy? Did it actually fail or are you assuming it will?

from cors-server.

I get the same result, and I thought it was because of this that it wasn't working when I added the proxy to my app.

=== Deploying to 'cors-server-2aa19'...

i deploying functions
i functions: preparing codebase default for deployment
i functions: ensuring required API cloudfunctions.googleapis.com is enabled...
i functions: ensuring required API cloudbuild.googleapis.com is enabled...
i artifactregistry: ensuring required API artifactregistry.googleapis.com is enabled...

• functions: required API cloudbuild.googleapis.com is enabled
• functions: required API cloudfunctions.googleapis.com is enabled
• artifactregistry: required API artifactregistry.googleapis.com is enabled
  i functions: preparing functions directory for uploading...
  i functions: packaged C:\feprojects\cors-server\functions (66.19 KB) for uploading
  i functions: ensuring required API run.googleapis.com is enabled...
  i functions: ensuring required API eventarc.googleapis.com is enabled...
  i functions: ensuring required API pubsub.googleapis.com is enabled...
  i functions: ensuring required API storage.googleapis.com is enabled...
• functions: required API eventarc.googleapis.com is enabled
• functions: required API run.googleapis.com is enabled
• functions: required API pubsub.googleapis.com is enabled
• functions: required API storage.googleapis.com is enabled
  i functions: generating the service identity for pubsub.googleapis.com...
  i functions: generating the service identity for eventarc.googleapis.com...
• functions: functions folder uploaded successfully
  i functions: updating Node.js 16 (2nd Gen) function proxy(us-central1)...
• functions[proxy(us-central1)] Successful update operation.
  Function URL (proxy(us-central1)): https://proxy-q7rt2mcf4q-uc.a.run.app
  i functions: cleaning up build files...

I've added 'https://rest.pay.nl/' to the whitelist but I get forbidden

from cors-server.

Yeah there is some sort of deployment issue. When you go to https://proxy-q7rt2mcf4q-uc.a.run.app, there is a 403 error. What you should see is a CORS-Anywhere help page like this one I deployed: https://proxy-ibmasyzzya-uc.a.run.app.

Show me the contents of index.js in the functions directory. Maybe there is some config mistake there.

Is it a GET request you are trying to make? Also confirm is it to the endpoint https://rest.pay.nl/v2/transactions.

A final note: the whitelisted URLs should not have a trailing slash. Just add https://rest.pay.nl to the list.

from cors-server.

Have a look at an API testing utility that I developed here. Might be of some use testing endpoints that do not require authentication before you deploy a server for them. You can try with a fly.io proxy there too.

from cors-server.

const corsServer = corsAnywhere.createServer({
originWhitelist: [
'http://localhost:3000',
'http://localhost:5000',
'https://portfolio-ravenous.web.app',
'https://portfolio-ravenous.firebaseapp.com',
'https://test-my-api-endpoint.web.app',
'https://test-my-api-endpoint.firebaseapp.com',
'myapplication.com',
'https://rest.pay.nl'
],
requireHeader: ['origin', 'x-requested-with'],
removeHeaders: ['cookie', 'cookie2']
});

It's a post method https://rest.pay.nl

from cors-server.

Ok, you need to emit the request. Your index.js file should look like this:

const corsServer = corsAnywhere.createServer({
    originWhitelist: [
      'http://localhost:3000',
      'http://localhost:5000',
      'https://myapplication.com',
      'https://rest.pay.nl'
    ],
    requireHeader: ['origin', 'x-requested-with'],
    removeHeaders: ['cookie', 'cookie2']
});

const corsHandler = cors({ origin: true });

exports.proxy = onRequest((request, response) => {
    corsHandler(request, response, () => {
      corsServer.emit('request', request, response);
    })
});

Note the code at the bottom which you may have omitted from your index.js file (unless you just didn't post it for some reason).

Please indent and format your code in a block as I have done in future so it's readable.

You can remove the whitelisted addresses that I have included for my own uses. Your addresses should be prefixed by http:// or https://. Putting myapplication.com will not do.

If you've forked my repo and it's open source, send me the link and I'll have a look.

from cors-server.

Also to be clear, the addresses in the originWhiteList array are where you are making the call from.

In the example that I gave in README.md, my application that is making the call is hosted at https://portfolio-ravenous.web.app. But I'm making a call to the Yelp API at https://api.yelp.com/v3/businesses/search.

In your case, if you're making a call to https://rest.pay.nl/v2/transactions, that is not the address that gets whitelisted. It's the hosting address that you are making the call from.

from cors-server.

This is the link to the repo https://github.com/dboute/cors-server.

Then I do this and it gets deployed but it's not working as intended.

from cors-server.

Looking at the repo that you linked, it appears that you deleted the require statements at the top and the package-lock.json file.

Don't do that. Just follow the instructions exactly and you should be alright.

It's hard for me to diagnose exactly what the issue is without redeploying myself.

from cors-server.

Also you have set up Firebase hosting for the project. You do not need this.

from cors-server.

I've changed it, this was missing from the repository.

=== Deploying to 'cors-server-2aa19'...

i deploying functions
i functions: preparing codebase default for deployment
i functions: ensuring required API cloudfunctions.googleapis.com is enabled...
i functions: ensuring required API cloudbuild.googleapis.com is enabled...

• functions: functions folder uploaded successfully
  i functions: updating Node.js 16 (2nd Gen) function proxy(us-central1)...

• functions[proxy(us-central1)] Successful update operation.
  Function URL (proxy(us-central1)): https://proxy-q7rt2mcf4q-uc.a.run.app
  i functions: cleaning up build files...

• Deploy complete!

The project got deployed, when I add the proxy to my application I get

When I use your proxy it just works...

from cors-server.

Yours still hasn't deployed properly. If you follow this link you can see it's still erroring.

What do you mean when you say 'this was missing from the repository'?

from cors-server.

from cors-server.

Do an npm install if you haven't already prior to deployment.

I'll clone and deploy to let you know.

from cors-server.

from cors-server.

Did you get a deployment error relating to a limitation on max instances at any stage?

⚠ functions: Your current project quotas don't allow for the current max instances setting of 100. Either reduce this function's maximum instances, or request a quota increase on the underlying Cloud Run service at https://cloud.google.com/run/quotas.

from cors-server.

Also how limited will your usage of the service be?

from cors-server.

No, I didn't receive this error, otherwise it wouldn't be deployed to this no? https://proxy-q7rt2mcf4q-uc.a.run.app/
The webshop has +-200 orders per year, so I don't expect that much usage.
Were you able to deploy the project again?

from cors-server.

I thought it was possible that you encountered and resolved the issue without mentioning it.

Ok, what I have done is created a new project and deployed it on my own account. Your site has been whitelisted. No further config should be required by you.

Just use https://proxy-pqrhttcdvq-uc.a.run.app/ and you are good to go.

from cors-server.

Let me know if it works or you continue to have problems.

from cors-server.

from cors-server.

I really don't understand it... I've forked your new project and deployed it but I still don't get the cos-anywhere page https://proxy-s3taj7bfta-uc.a.run.app

Can you please tell me what I'm doing wrong?

from cors-server.

As I clearly stated in my message above and the readme of the new project, this is not required. You are not expected to fork and redeploy the project. I have already done so, but added https://littlemomster.be to the whitelist of this server so that you can use my already-deployed app for your site.

What you need to do is now very straightforward. Simply prepend your API request with https://proxy-pqrhttcdvq-uc.a.run.app/. No further config required.

So for example, if you want to make a fetch request to https://rest.pay.nl/v2/transactions, call https://proxy-pqrhttcdvq-uc.a.run.app/https://rest.pay.nl/v2/transactions instead as I had shown in the previously linked example.

from cors-server.

from cors-server.

I don't plan on taking it down unless usage is abused. Even then, I would give you notice and not do so abruptly.

Go to the functions dashboard in the Firebase console

Send me a screenshot of that. Then click on the menu and select view logs. Send me a screenshot of that too.

from cors-server.

So It's deployed properly, just a problem with the authorization

from cors-server.

Try first deleting the function on Firebase. Then run npm install -g firebase-tools to update the Firebase CLI. Finally, redeploy the function.

Let me know if that works.

from cors-server.

That finally worked, thanks a lot! I really appreciate all the time you've spent on this. Sorry for taking this much of your time.

from cors-server.

No problem. Glad it's finally working.

from cors-server.