Simple Proxy Server Using Node.js to Bypass CORS

Node.js is a javascript runtime based on Chromium’s V8 javascript engine. It is really simple to create a basic HTTP server using the node.js API and a web based proxy is just an HTTP server that relays incoming requests back to the original recipient. So we will capture the requests and forward them using an http request. There are already programs to be used as debugging proxies (such as Charles, Fiddler, mitmproxy) but they are often limited and it is hard/complicated when it comes to composing a little bit complicated rules. For example once I needed a simple rule that repeats the origin of the orginal request in the proxied response to be able to circumvent CORS restrictions whentesting a web application. Sometimesit is easier to write a little bit of javascript code if you know how.

#!/usr/bin/env node
//Import the http module
var http = require("http");
 
//Create the server listening on port 8888
http.createServer(function(request, response) {
  //Log the URL for debugging etc.
  console.log(request.url);
  
  //Create a new http request with the data at hand
  var parsedURL = require("url").parse(request.url);
  var proxyRequest = http.request({
    port: request.port,
    host: request.headers["host"],
    method: request.method,
    headers: request.headers,
    path: parsedURL.pathname + (parsedURL.search ? parsedURL.search : "")
  })
  
  //When there is a response;
  proxyRequest.addListener("response", function (proxyResponse) {
    proxyResponse.on("data", function(chunk) {
      response.write(chunk, "binary");
    });
  
    //End the response
    proxyResponse.on("end", function() {
      response.end();
    });
    
    //Manipulate some headers - Here we repeat the original requests origin to the fake response
    if(request.headers["origin"]) {
      proxyResponse.headers["access-control-allow-origin"] = request.headers["origin"];
      //Set any other headers you need
      //proxyResponse.headers["access-control-allow-credentials"] = "true";
    }
    response.writeHead(proxyResponse.statusCode, proxyResponse.headers);
  });
  
  //return a 404 when the forwarded request throws an error
  proxyRequest.on("error", function(err) {
    response.statusCode = "404";
    response.end();
  });
  
  //Copy any data in the original request to the forwarded request
  request.addListener("data", function(chunk) {
    proxyRequest.write(chunk, "binary");
  });
  
  //End the proxy request
  request.addListener("end", function() {
    proxyRequest.end();
  });
}).listen(8888);

I have also included a shebang to be able to start the proxy server from the command line (on unix like systems) easily. This short script only requires that node.js is installed on the system and will immediately start working as you run it. Then all you need to do is to direct your traffic to http://localhost:8888 (I am using SwitchyOmega extension on Chrome). This simple example does not support a secure connection so you should not redirect HTTPS traffic to this proxy. It will not be possible to do so without registering a certificate with your end-point (e.g browser) and handling secure connection on node.js. Now, I use this basic proxy server whenever I need a fairly complicated response rule or a very simple proxy. Other than that, to view request/response details regular debugging proxies will work just fine.