Hacking CORS restriction to enable in-browser XHR to any server.
Say you are running an web app at localhost, and you want to send XHR to http://remote-server:80
, but the CORS restriction forbids access because you are sending requests from an origin that remote-server:80 does not allow.
Run:
mitmproxy -s cors.py -R http://remote-server:80 -b localhost -p 8080
Now localhost:8080
is tunnelled to remote-server:80
.
And you can XHR to proxied server from localhost:
fetch("http://localhost:8080/api.json")
.then(function(response) {
// enjoy the response
});
Bonus: You can inspect HTTP requests in mitmproxy.