cloudflare-cors-anywhere/index.js

/*
CORS Anywhere as a Cloudflare Worker!
(c) 2019 by Zibri (www.zibri.org)
email: zibri AT zibri DOT org
https://github.com/Zibri/cloudflare-cors-anywhere
*/

/*
whitelist = [ "^http.?://www.zibri.org$", "zibri.org$", "test\\..*" ];  // regexp for whitelisted urls
*/

blacklist = [ ];           // regexp for blacklisted urls
whitelist = [ ".*" ];     // regexp for whitelisted origins

function isListed(uri,listing) {
    var ret=false;
    if (typeof uri == "string") {
        listing.forEach((m)=>{
	          if (uri.match(m)!=null) ret=true;
        });
    } else {            //   decide what to do when Origin is null
    	  ret=true;    // true accepts null origins false rejects them.
    }
    return ret;
}

addEventListener("fetch", async event=>{
    event.respondWith((async function() {
        isOPTIONS = (event.request.method == "OPTIONS");
        var origin_url = new URL(event.request.url);

        function fix(myHeaders) {
            //            myHeaders.set("Access-Control-Allow-Origin", "*");
            myHeaders.set("Cache-Control","no-cache");
            myHeaders.set("Access-Control-Allow-Origin", event.request.headers.get("Origin"));
            if (isOPTIONS) {
                myHeaders.set("Access-Control-Allow-Methods", event.request.headers.get("access-control-request-method"));
                acrh = event.request.headers.get("access-control-request-headers");
                //myHeaders.set("Access-Control-Allow-Credentials", "true");

                if (acrh) {
                    myHeaders.set("Access-Control-Allow-Headers", acrh);
                }

                myHeaders.delete("X-Content-Type-Options");
            }
            return myHeaders;
        }
        var fetch_url = decodeURIComponent(decodeURIComponent(origin_url.search.substr(1)));

        var orig = event.request.headers.get("Origin");
        
        var remIp = event.request.headers.get("CF-Connecting-IP");

        if ((!isListed(fetch_url, blacklist)) && (isListed(orig, whitelist))) {

            xheaders = event.request.headers.get("x-cors-headers");

            if (xheaders != null) {
                try {
                    xheaders = JSON.parse(xheaders);
                } catch (e) {}
            }

            if (origin_url.search.startsWith("?")) {
                //
                console.log(isOPTIONS)
                if(isOPTIONS){
                    var myHeaders = new Headers();
                    myHeaders = fix(myHeaders);
                    return new Response("helo",
                	{status: 200, headers: myHeaders}
                    );
                }

                recv_headers = {};
                for (var pair of event.request.headers.entries()) {
                    if ((pair[0].match("^origin") == null) && 
			(pair[0].match("eferer") == null) && 
			(pair[0].match("^cf-") == null) && 
			(pair[0].match("^x-forw") == null) && 
			(pair[0].match("^x-cors-headers") == null)
		    ) recv_headers[pair[0]] = pair[1];
                }
		    
                if (xheaders != null) {
                    Object.entries(xheaders).forEach((c)=>recv_headers[c[0]] = c[1]);
                }

                newreq = new Request(event.request,{
                    "redirect": "follow",
                    "headers": recv_headers
                });

                var response = await fetch(fetch_url,newreq);
                var myHeaders = new Headers(response.headers);
                cors_headers = [];
                allh = {};
                for (var pair of response.headers.entries()) {
                    cors_headers.push(pair[0]);
                    allh[pair[0]] = pair[1];
                }
                cors_headers.push("cors-received-headers");
                myHeaders = fix(myHeaders);

                myHeaders.set("Access-Control-Expose-Headers", cors_headers.join(","));

                myHeaders.set("cors-received-headers", JSON.stringify(allh));

                if (isOPTIONS) {
                    var body = null;
                } else {
                    var body = await response.arrayBuffer();
                }

                var init = {
                    headers: myHeaders,
                    status: (isOPTIONS ? 200 : response.status),
                    statusText: (isOPTIONS ? "OK" : response.statusText)
                };
                return new Response(body,init);

            } else {
                var myHeaders = new Headers();
                myHeaders = fix(myHeaders);

                if (typeof event.request.cf != "undefined") {
                    if (typeof event.request.cf.country != "undefined") {
                        country = event.request.cf.country;
                    } else
                        country = false;

                    if (typeof event.request.cf.colo != "undefined") {
                        colo = event.request.cf.colo;
                    } else
                        colo = false;
                } else {
                    country = false;
                    colo = false;
                }

                return new Response(
                	"CLOUDFLARE-CORS-ANYWHERE\n\n" + 
                	"Source:\nhttps://github.com/Zibri/cloudflare-cors-anywhere\n\n" + 
                	"Usage:\n" + origin_url.origin + "/?uri\n\n" +
			"Donate:\nhttps://paypal.me/Zibri/5\n\n" +
                	"Limits: 100,000 requests/day\n" + 
                	"          1,000 requests/10 minutes\n\n" + 
                	(orig != null ? "Origin: " + orig + "\n" : "") + 
                	"Ip: " + remIp + "\n" + 
                	(country ? "Country: " + country + "\n" : "") + 
                	(colo ? "Datacenter: " + colo + "\n" : "") + "\n" + 
                	((xheaders != null) ? "\nx-cors-headers: " + JSON.stringify(xheaders) : ""),
                	{status: 200, headers: myHeaders}
                );
            }
        } else {

            return new Response(
                "Create your own cors proxy</br>\n" + 
                "<a href='https://github.com/Zibri/cloudflare-cors-anywhere'>https://github.com/Zibri/cloudflare-cors-anywhere</a></br>\n" +
                "\nDonate</br>\n" +
                "<a href='https://paypal.me/Zibri/5'>https://paypal.me/Zibri/5</a>\n",
                {
                    status: 403,
                    statusText: 'Forbidden',
                    headers: {
                        "Content-Type": "text/html"
                    }
                });
        }
    }
    )());
});
Update index.js 2019-07-15 22:55:41 +08:00			`/*`
			`CORS Anywhere as a Cloudflare Worker!`
			`(c) 2019 by Zibri (www.zibri.org)`
			`email: zibri AT zibri DOT org`
Update index.js 2019-07-16 21:18:31 +08:00			`https://github.com/Zibri/cloudflare-cors-anywhere`
Update index.js 2019-07-15 22:55:41 +08:00			`*/`

Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00			`/*`
Update index.js 2019-07-15 22:55:41 +08:00			`whitelist = [ "^http.?://www.zibri.org$", "zibri.org$", "test\\..*" ]; // regexp for whitelisted urls`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00			`*/`
Update index.js 2019-07-15 22:48:53 +08:00
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`blacklist = [ ]; // regexp for blacklisted urls`
			`whitelist = [ ".*" ]; // regexp for whitelisted origins`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00
			`function isListed(uri,listing) {`
Update index.js 2019-07-15 22:48:53 +08:00			`var ret=false;`
			`if (typeof uri == "string") {`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00			`listing.forEach((m)=>{`
Update index.js 2019-07-15 22:48:53 +08:00			`if (uri.match(m)!=null) ret=true;`
			`});`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00			`} else { // decide what to do when Origin is null`
Update index.js 2019-07-15 22:48:53 +08:00			`ret=true; // true accepts null origins false rejects them.`
			`}`
			`return ret;`
			`}`

Update index.js 2019-07-15 18:29:18 +08:00			`addEventListener("fetch", async event=>{`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00			`event.respondWith((async function() {`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`isOPTIONS = (event.request.method == "OPTIONS");`
Update index.js 2019-07-15 18:29:18 +08:00			`var origin_url = new URL(event.request.url);`

Update index.js 2019-07-15 22:48:53 +08:00			`function fix(myHeaders) {`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`// myHeaders.set("Access-Control-Allow-Origin", "*");`
fix: option请求不发送200的问题 2023-01-08 20:53:27 +08:00			`myHeaders.set("Cache-Control","no-cache");`
Update index.js 2019-07-23 17:51:48 +08:00			`myHeaders.set("Access-Control-Allow-Origin", event.request.headers.get("Origin"));`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`if (isOPTIONS) {`
Update index.js 2019-07-23 17:51:48 +08:00			`myHeaders.set("Access-Control-Allow-Methods", event.request.headers.get("access-control-request-method"));`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`acrh = event.request.headers.get("access-control-request-headers");`
			`//myHeaders.set("Access-Control-Allow-Credentials", "true");`

			`if (acrh) {`
Update index.js 2019-07-23 17:51:48 +08:00			`myHeaders.set("Access-Control-Allow-Headers", acrh);`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`}`
Update index.js 2019-07-15 18:29:18 +08:00
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`myHeaders.delete("X-Content-Type-Options");`
Update index.js 2019-07-15 18:29:18 +08:00			`}`
Update index.js 2019-07-15 22:48:53 +08:00			`return myHeaders;`
			`}`
Swap unescape for newer decodeURIComponent unescape can cause Â characters in URL's that are already encoded 2021-02-04 03:34:46 +08:00			`var fetch_url = decodeURIComponent(decodeURIComponent(origin_url.search.substr(1)));`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00
Update index.js 2019-07-15 22:48:53 +08:00			`var orig = event.request.headers.get("Origin");`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00
			`var remIp = event.request.headers.get("CF-Connecting-IP");`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00
Update index.js 2019-07-23 17:55:47 +08:00			`if ((!isListed(fetch_url, blacklist)) && (isListed(orig, whitelist))) {`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00
			`xheaders = event.request.headers.get("x-cors-headers");`

			`if (xheaders != null) {`
			`try {`
			`xheaders = JSON.parse(xheaders);`
			`} catch (e) {}`
			`}`

Update index.js 2019-07-15 22:48:53 +08:00			`if (origin_url.search.startsWith("?")) {`
fix: option请求不发送200的问题 2023-01-08 20:53:27 +08:00			`//`
			`console.log(isOPTIONS)`
			`if(isOPTIONS){`
			`var myHeaders = new Headers();`
			`myHeaders = fix(myHeaders);`
			`return new Response("helo",`
			`{status: 200, headers: myHeaders}`
			`);`
			`}`

Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`recv_headers = {};`
			`for (var pair of event.request.headers.entries()) {`
Update index.js 2019-07-23 17:55:47 +08:00			`if ((pair[0].match("^origin") == null) &&`
			`(pair[0].match("eferer") == null) &&`
			`(pair[0].match("^cf-") == null) &&`
			`(pair[0].match("^x-forw") == null) &&`
			`(pair[0].match("^x-cors-headers") == null)`
			`) recv_headers[pair[0]] = pair[1];`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`}`
Update index.js 2019-07-23 17:55:47 +08:00
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`if (xheaders != null) {`
			`Object.entries(xheaders).forEach((c)=>recv_headers[c[0]] = c[1]);`
			`}`

			`newreq = new Request(event.request,{`
Follow redirects 2022-02-14 01:39:55 +08:00			`"redirect": "follow",`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`"headers": recv_headers`
			`});`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`var response = await fetch(fetch_url,newreq);`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00			`var myHeaders = new Headers(response.headers);`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`cors_headers = [];`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00			`allh = {};`
Exposes all headers now. Now it also exposes all received headers. 2019-07-18 20:58:42 +08:00			`for (var pair of response.headers.entries()) {`
			`cors_headers.push(pair[0]);`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00			`allh[pair[0]] = pair[1];`
Exposes all headers now. Now it also exposes all received headers. 2019-07-18 20:58:42 +08:00			`}`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`cors_headers.push("cors-received-headers");`
Update index.js 2019-07-15 22:48:53 +08:00			`myHeaders = fix(myHeaders);`
Update index.js 2019-07-15 18:29:18 +08:00
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`myHeaders.set("Access-Control-Expose-Headers", cors_headers.join(","));`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00
Update index.js 2019-07-23 17:51:48 +08:00			`myHeaders.set("cors-received-headers", JSON.stringify(allh));`
added cors-received-headers in answer 2019-07-19 01:11:34 +08:00
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`if (isOPTIONS) {`
			`var body = null;`
			`} else {`
			`var body = await response.arrayBuffer();`
			`}`

Update index.js 2019-07-15 22:48:53 +08:00			`var init = {`
Update index.js 2019-07-17 23:35:04 +08:00			`headers: myHeaders,`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`status: (isOPTIONS ? 200 : response.status),`
			`statusText: (isOPTIONS ? "OK" : response.statusText)`
Update index.js 2019-07-15 22:48:53 +08:00			`};`
			`return new Response(body,init);`
Update index.js 2019-07-15 18:29:18 +08:00
Update index.js 2019-07-15 22:48:53 +08:00			`} else {`
			`var myHeaders = new Headers();`
			`myHeaders = fix(myHeaders);`
Update index.js 2019-07-15 18:29:18 +08:00
Update index.js 2019-07-15 22:48:53 +08:00			`if (typeof event.request.cf != "undefined") {`
			`if (typeof event.request.cf.country != "undefined") {`
			`country = event.request.cf.country;`
			`} else`
			`country = false;`
Update index.js 2019-07-15 18:29:18 +08:00
Update index.js 2019-07-15 22:48:53 +08:00			`if (typeof event.request.cf.colo != "undefined") {`
			`colo = event.request.cf.colo;`
			`} else`
			`colo = false;`
			`} else {`
			`country = false;`
Update index.js 2019-07-15 18:29:18 +08:00			`colo = false;`
Update index.js 2019-07-15 22:48:53 +08:00			`}`
Update index.js 2019-07-15 18:29:18 +08:00
Update index.js 2019-07-15 22:48:53 +08:00			`return new Response(`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`"CLOUDFLARE-CORS-ANYWHERE\n\n" +`
			`"Source:\nhttps://github.com/Zibri/cloudflare-cors-anywhere\n\n" +`
Update index.js 2019-07-23 00:43:10 +08:00			`"Usage:\n" + origin_url.origin + "/?uri\n\n" +`
			`"Donate:\nhttps://paypal.me/Zibri/5\n\n" +`
bug fixed now post works correctly 2019-07-21 23:35:05 +08:00			`"Limits: 100,000 requests/day\n" +`
			`" 1,000 requests/10 minutes\n\n" +`
			`(orig != null ? "Origin: " + orig + "\n" : "") +`
			`"Ip: " + remIp + "\n" +`
			`(country ? "Country: " + country + "\n" : "") +`
			`(colo ? "Datacenter: " + colo + "\n" : "") + "\n" +`
			`((xheaders != null) ? "\nx-cors-headers: " + JSON.stringify(xheaders) : ""),`
			`{status: 200, headers: myHeaders}`
			`);`
Update index.js 2019-07-15 22:48:53 +08:00			`}`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`} else {`
Whitelist/Blacklist added 2019-07-19 19:41:06 +08:00
			`return new Response(`
Update index.js 2019-07-27 16:58:00 +08:00			`"Create your own cors proxy</br>\n" +`
			`"<a href='https://github.com/Zibri/cloudflare-cors-anywhere'>https://github.com/Zibri/cloudflare-cors-anywhere</a></br>\n" +`
			`"\nDonate</br>\n" +`
			`"<a href='https://paypal.me/Zibri/5'>https://paypal.me/Zibri/5</a>\n",`
			`{`
			`status: 403,`
			`statusText: 'Forbidden',`
			`headers: {`
			`"Content-Type": "text/html"`
			`}`
			`});`
Added x-cors-headers object 2019-07-19 00:03:50 +08:00			`}`
Update index.js 2019-07-15 18:29:18 +08:00			`}`
			`)());`
fix: option请求不发送200的问题 2023-01-08 20:53:27 +08:00			`});`