CORS junk

At the last three jobs I’ve been at, I’ve hit some form of this issue:

  • I am writing a web app.
  • I am running locally on localhost while developing it.
  • It needs to make an http request to a server on another origin (a “cross-origin” request, if you will).
  • That server, at least at that moment, does not provide headers in its http responses that say “it is OK to make requests to me from localhost.”
  • Requests from the browser to that server fail because of this CORS issue.

Long-term, maybe you or someone at your organization changes the server or create another instance of it that’s configured with the right CORS headers. But in the short term, maybe you don’t have control over the server.

So, to keep the web dev flowing, you create a proxy that the browser can make requests to. That proxy makes the request to the server you actually want to target, collects the response, then passes that back to the browser with the appropriate CORS headers tacked on.

I’ve made a few different versions of this proxy, often messily and sometimes glommed onto a web server meant for something else.

Today, I made a clean version of this that you can run on your laptop: local-nginx-proxy

You can also use this as a reference for making more permanent proxies. (I have a bunch of Node services that sit behind proxies like this in nginx, for example, but the config is way messier.)

This isn’t really how I planned to spend the morning, but every once in a great while, the exhortations of my soul are weird in a Businessfunk kind of way.