Home > Uncategorized > Using a #Cors #Proxy to call #API s from #Javascript

Using a #Cors #Proxy to call #API s from #Javascript


Javascript has always limited the ability to make arbitrary web requests to third parties, this has generally meant that projects required a server side component, even if its only purpose was to ferry data from a third party to the client.

CORS changed this somewhat, it allowed API service providers indicate to Javascript clients that it was OK for arbitrary web requests to be made to them, and the fact that any related security concerns were unimportant. – After all, any statically authenticated API would have the api key exposed in client code.

However some API providers don’t declare a CORS header. This can be down to security concerns, ignorance of Javascript clients, or just misconfiguration. That’s where a CORS proxy comes in. This is where a third party will do the connection for you, and it will declare the CORS header saying it’s OK to connect to them.

You can always develop this yourself, but a free public service is  https://cors-anywhere.herokuapp.com – which is open source on github here- https://github.com/Rob–W/cors-anywhere/

All you need to do it call https://cors-anywhere.herokuapp.com/<url> where <url> is the third party API. It passes basic authentication headers through, but you need to call it via AJAX, you can’t just paste it into a browser. This is to prevent service abuse.

Thanks Rob-W, whoever you are 🙂

Categories: Uncategorized
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: