Comments (26)
Maybe try this:
cors-anywhere-master/server.js line 26
requireHeader : ['origin', 'x-requested-with']
just empty the array
requireHeader : []
For me its still not working but this is what I can suggest now..
from cors-anywhere.
x.setRequestHeader("X-Requested-With", "XMLHttpRequest");
is the solution to most of these issues, as mentioned in Robs answer, also make sure you have the slashes in the url and the proxy correct.
from cors-anywhere.
No I'm not using Chrome extension, just prefixing "https://cors-anywhere.herokuapp.com/" to my URL
from cors-anywhere.
It seems that the URL you're trying to proxy is currently not reachable via cors-anywhere.herokuapp.com
When I locally start a new instance of CORS Anywhere, I do get a response. Maybe the website that you're trying to proxy has blocked all requests from the public CORS Anywhere services.
Note: When you directly visit https://cors-anywhere.herokuapp.com/http://example.com via the browser, you'll see "Missing required request header. Must specify one of: origin,x-requested-with". This is intentional, the Origin header is only set by the browser for cross-origin requests. The purpose of requiring this header is to prevent the use of CORS Anywhere as a generic web proxy, because of security & performance.
from cors-anywhere.
The Origin
header will automatically be set by the browser for cross-origin requests.
Are you by any chance trying to use CORS Anywhere in a Chrome extension?
from cors-anywhere.
For anyone who stumbled upon this issue while trying to get this working through an img
tag here was my solution.
<img
crossOrigin="anonymous"
referrerPolicy="origin"
className={className}
{...props}
src={url}
srcSet={srcset}
/>
Note that it is important for some reason that crossOrigin
and referrerPolicy
come before the src. No idea why the order of the props matters but this seems to get the job done.
from cors-anywhere.
The requireHeader
is there for a reason. If this header requirement is removed, then the server basically becomes an open proxy, where a user can use the server as a proxy to visit other sites via the browser (e.g. by typing https://cors-anywhere.herokuapp.com/http://example.com/
in the location bar).
I intentionally block this, because then all websites would share the same client-side storage areas. This is bad for security, and also bad for the availability of my public server.
Currently, the only supported ways of using CORS Anywhere is:
-
Cross-domain: Just send a request to the server with
fetch
orXMLHttpRequest
. The browser will automatically add theOrigin
request header. -
Same-origin (if you host CORS Anywhere yourself and share the same origin with your main app, e.g. as done in #81): Send the request with
fetch
orXMLHttpRequest
, and also set theX-Requested-With
request header, for example:var x = new XMLHttpRequest(); x.open('GET', 'https://cors-anywhere.herokuapp.com/https://example.com'); // I put "XMLHttpRequest" here, but you can use anything you want. x.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); x.onload = function() { alert(x.responseText); }; x.send();
If you cannot get the expected responses with the above methods, then one of the following could have happened:
- The URL that you want to proxy is unreachable (e.g. the site is down, or they have blocked access to the CORS Anywhere IP).
- Too many requests have been sent to CORS Anywhere by the given origin within the given time frame (#45).
- The URL itself is blacklisted by me (e.g. #32, #42).
- CORS Anywhere is down (this has happened in the past when the server was flooded with requests, which is why I implemented the blacklist and rate-limiting above).
from cors-anywhere.
I'm using it from an extension.
If you use it from an extension, then you don't need CORS Anywhere. Just add the host permissions to manifest.json, and then you can access a cross-origin resource without CORS.
from cors-anywhere.
Add X-Requested-With to your headers. headers: {
"X-Requested-With": "XMLHttpRequest",
},
This should solve the problem.
from cors-anywhere.
@yoavgecht the strange thing is the request works in the demo.
from cors-anywhere.
The Origin header will automatically be set by the browser for cross-origin requests.
Are you by any chance trying to use CORS Anywhere in a Chrome extension?
I'm using it from an extension. On firefox it run properly, adding the origin to the request:
Host: cors-anywhere.herokuapp.com
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate, br
origin: moz-extension://43120783-01d7-46f5-a741-2670677bb0d8
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
But on chrome I get something like:
GET /https://path.to.final.url/style.css HTTP/1.1
Host: cors-anywhere.herokuapp.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
DNT: 1
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en,it;q=0.9
I've already "://cors-anywhere.herokuapp.com/" in my manifest.json permissions attribute.
Any idea why?
from cors-anywhere.
@zanemcca Thank you so much. Adding those attributes solved this problem i've been working on for months
from cors-anywhere.
Thanks for help, I'm able to access other URLs using cors-anywhere proxy but not this particular URL.
from cors-anywhere.
I have a similiar problem, my script works with Chrome but not with internet explorer - with IE 11 I get the
Missing required request header. Must specify one of: origin,x-requested-with
error.
Any Idea?
from cors-anywhere.
@sprunge1 Example?
from cors-anywhere.
I'm running cors anywhere on an internal network, it's working great for various internal servers that do status checks. I'm getting this error solely from my local installed gitlab server. My assumption is that server is rejecting the headers being sent by cors anywhere - here is the error i get in my browser console
XML Parsing Error: syntax error
Location: http://corsanywhere.local:8080/http://gitlab.local/-/liveness
Line Number 1, Column 1:
I'm using the most basic cors anywhere client/server setup, so far i am able to query my router, redmine, jenkins, and a few other sites i'm running. It's only the gitlab server throwing the error, the page is returning JSON.
Cors Anwyhere error when I view source is "Missing required request header. Must specify one of: origin,x-requested-with"
from cors-anywhere.
@msudol You're likely trying to send a request to http://corsanywhere.local:8000
from http://corsanywhere.local:8000/
. This is a same-origin request from the browser's perspective, and therefore the Origin
header is not automatically added.
If you want to get the request to succeed anyway, add the X-Requested-With
request header.
from cors-anywhere.
Ok I don't have any solution for this it's just not redirecting
from cors-anywhere.
I am having the same problem here: https://cors-anywhere.herokuapp.com/labs.bible.org/api/?passage=John+3:16-17
from cors-anywhere.
You're absolutely right. In fact just testing yesterday I "accidentally" (read, was trying everything) added cors-anywhere to the permission's attribute of the manifest json, and fetch wasn't sending the origin header anymore as, of course, it was treating is as "same-origin".
The issue for me anyway is that I let the user insert an URL to a CSS file (that could be on github, gitlab, pastebin, whatever else) and I poll it like what stylus does for its styles.
I could probably restrict the urls accepted to only some website to be honest and avoid using cors-anywhere. It's certainly something to consider.
from cors-anywhere.
x.setRequestHeader("X-Requested-With", "XMLHttpRequest");
is the solution to most of these issues, as mentioned in Robs answer, also make sure you have the slashes in the url and the proxy correct.
Thanks @sprunge1. I am able to use this successfully to access https://raw.githubusercontent.com content which was blocking me without it.
from cors-anywhere.
var link = "https://www.example.com"; // Some link
var x =new XMLHttpRequest();
x.open('GET','http://cors-anywhere.herokuapp.com/'+link);
x.setRequestHeader('x-requested-with', 'XMLHttpRequest');
x.onload = function(){
console.log(x.responseText);$('#ticket').html(x.response)
};
x.send();
I'm using this in chrome extension, got below error
Not found because of proxy error: Error: getaddrinfo ENOTFOUND (URL)
This is not working for me.
I have tried with Heroku also but no luck.
Can you help me @Rob--W
from cors-anywhere.
x.setRequestHeader("X-Requested-With", "XMLHttpRequest");
is the solution to most of these issues, as mentioned in Robs answer, also make sure you have the slashes in the url and the proxy correct.
what is x?
from cors-anywhere.
x.setRequestHeader("X-Requested-With", "XMLHttpRequest");
is the solution to most of these issues, as mentioned in Robs answer, also make sure you have the slashes in the url and the proxy correct.what is x?
See https://github.com/Rob--W/cors-anywhere/issues/39#issuecomment-387690291
from cors-anywhere.
Hi below is my code to download a pdf in my project there different clients domain and i can not download pdf with different domain.
I am using angular 7 also installed npm install cross-anywhere
using pdfFile = "https://cors-anywhere.herokuapp.com/"+pdfFilePath
this._myapiService.downloadBillAsPdf(pdfFile).subscribe(
res => {
//res.header('x-requested-with', 'XMLHttpRequest');
if (window.navigator.msSaveOrOpenBlob) {
window.navigator.msSaveBlob(res, filename);
} else {
var url = window.URL.createObjectURL(res);
var a = document.createElement("a");
document.body.appendChild(a);
a.setAttribute("style", "display: none");
a.href = url;
a.download = filename;
a.click();
window.URL.revokeObjectURL(url);
a.remove(); // remove the element
}
this.toastr.success("Downloaded Successfully");
},
error => {
this._commonUtility.showErrorToastr(error);
},
() => {}
);
public downloadFile(filepath, contentType): Observable {
let headers = new HttpHeaders();
headers = headers.set('Accept', contentType);
//headers = headers.set('X-Requested-With', 'XMLHttpRequest');
return this.externalHttpClient.get(filepath, { headers: headers, responseType: 'blob' as 'json' });
}
i am getting not fond on console and when i hit directly on browser its giving Missing required request header. Must specify one of: origin,x-requested-with
from cors-anywhere.
The
Origin
header will automatically be set by the browser for cross-origin requests.Are you by any chance trying to use CORS Anywhere in a Chrome extension?
I have this issue with the chrome extension.
from cors-anywhere.
Related Issues (20)
- Does not work in Deno (TypeError on every request) HOT 1
- 400 Bad Request HOT 1
- Update HTTP-Proxy to 1.18.1 to resolve https://github.com/advisories/GHSA-6x33-pw7p-hmpq HOT 1
- Redirects ruining GET parameters using axios HOT 2
- how to block specific final link not origin
- cors-anywhere doesn't work with youtube m3u8 files HOT 1
- Error creating app on Heroku website HOT 2
- API domain name resolution problem HOT 1
- performance problem, cors-anywhere doesn't use outbound HTTP keep-alive HOT 1
- s anywhere
- Question about whitelisting HOT 1
- getting an Uncaught (in promise) SyntaxError HOT 1
- Authorization error HOT 1
- Whitelisting subdomain doesn't work as expected
- see the CI test #271 #273
- cors anywhere not working on vercel HOT 1
- add option to add auth header for sites like reddit HOT 1
- Siteye kurulum
- live radio use case: Missing required request header. Must specify one of: origin,x-requested-with HOT 4
- Not found because of proxy error: AggregateError
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors-anywhere.