Mastodawn

One Open-source Project Daily

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.

https://github.com/Rob--W/cors-anywhere

#1ospd #opensource #cors #nodejs

GitHub - Rob--W/cors-anywhere: CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request.

CORS Anywhere is a NodeJS reverse proxy which adds CORS headers to the proxied request. - Rob--W/cors-anywhere

GitHub

datatofu 2d ago

[DEV_LOG] PHASE 1.7.5.b: CORE_LOGIC_ERROR

Mid-week update: It’s worse than it looks. A cascade of ReferenceErrors and TypeErrors is hitting the original build.

Diagnosis: Identified a failed "Lazy Import" implementation. The browser is triggering a terminal CORS failure on load. Manifest loading is blocked. PWA/Offline capabilities are dark.

We are sitting with the wreckage for now.

#WebDev #CORS #SystemFragmentation

Qiita - 人気の記事 Mar 10

LaravelのBladeとCORS設定をAWS（S3 / API Gateway）で再現してみよう
https://qiita.com/chaochire/items/9be1c47cad3913ff516e?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #S3 #Laravel #CORS #APIGateway

LaravelのBladeとCORS設定をAWS（S3 / API Gateway）で再現してみよう - Qiita

こんにちは。ソーイ株式会社1年目、村上です。前回LaravelのルーティングとコントローラーをAWSサービスを用いて再現しました。動作確認の際には CloudShell から値を含め送信し、構築できたか確認しました。今回はその記事の第2弾です。実際のWebア...

Qiita

Qiita - 人気の記事 Feb 26

LiveServerの脆弱性から見るCORSの必要性
https://qiita.com/m_ozawa-gxp/items/ebed6d10e07055df9810?utm_campaign=popular_items&utm_medium=feed&utm_source=popular_items

#qiita #CORS #LiveServer #CVE_2025_65717

LiveServerの脆弱性から見るCORSの必要性 - Qiita

はじめに先日、Visual Studio Codeで利用される拡張機能「Live Server」に脆弱性が見つかった。 https://www.security-next.com/181218 内容を見てみるとCORSなど見慣れた単語が出てきており、脆弱性自体も容易に再...

Qiita

Yuka Feb 24

Just lost several hours of my life to silly CORS issues while setting up https://static-s.umeyashiki.org as my Akkoma media base URL

Nginx “gotcha”: header inheritance.

If you put an add_header directive inside a location block, it completely suppresses all add_header directives defined in the parent server block.

server {
    add_header "X-Hdr-A" "Value";
    add_header "X-Hdr-B" "Value";

    location / {
        add_header "X-Hdr-C" "Value"; # <-- This wipes out A and B!
        access_log /var/log/a.log;
    }

    location /bb {
        access_log /var/log/b.log; # <-- A and B will show up here just fine.
    }
}

If your global headers are mysteriously disappearing on certain paths, maybe check your location blocks.

#http #nginx #cors #akkoma

Frank Feb 14

I think I just managed to make my Object Storage (#s3 compatible) work on my #peertube

First, it took 2 weeks because I got a bug with #ovhcloud where they wouldn't deliver the product.

When I got it set up, it was quite straight forward. Just copy/paste all the infos and keys into the peertube config file.

My only struggle was realizing that I had to apply some #cors settings to my bucket.

Other than that, #yunohost makes selfhosting quite easy.

The next step will be to migrate my videos to the instance.

https://social.fraxoweb.com/@frank/statuses/01KG8DX3X7815RFAS3A4ZMV54C

Post by Frank, @[email protected]

I'm working on setting up my own #PeerTube and #loops instances in #quebec #canada I've never used S3 storage, so I need to learn how that works. In …

social.fraxoweb.com

Show thread

Harald Feb 9

Ooooh, fcuk, it is even worse. I do a JavaScript fetch request. Internally it notices that it needs to do its CORS OPTIONS magic first. That one fails with a 404, as the developer tools show. But the fetch request itself fails. No, it does not come back with a 404 response. It just fails the fetch with

TypeError: Failed to fetch

This even though the OPTIONS response says

Access-Control-Allow-Origin *

beside the 404. This is baaaad!

#cors #http #fetch

Harald Feb 9

Fun with #CORS.

Many web devs come across CORS eventually, first reaction being WTF. Then see Stackoverflow or a chatty text randomizer to find.

The server response lacks the Access-Control-Allow-Origin header

which is confusing, as you're dealing with two servers at this point.

I thought to understand it, but debugged an hour to find that an OPTIONS request for .../blabla does not follow the redirect to .../blabla/ (in Firefox at least) .😠

https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS/Errors/CORSMissingAllowOrigin?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default

#firefox #webdev

Reason: CORS header 'Access-Control-Allow-Origin' missing - HTTP | MDN

The response to the CORS request is missing the required Access-Control-Allow-Origin header, which is used to determine whether or not the resource can be accessed by content operating within the current origin.

MDN Web Docs

Afroféminas Feb 4

Cautiverio digitalizado: vigilancia con inteligencia artificial y el tejido policial global
Las tecnologías de vigilancia nacidas en la ocupación israelí de Palestina se exportan globalmente. Reconocimiento facial, control biométrico y al
https://afrofeminas.com/2026/02/04/cautiverio-digitalizado-vigilancia-con-inteligencia-artificial-y-el-tejido-policial-global/
#Denuncia #DESTACADO #Opinin #abolicionismo #Afrofminas #afrofeminismo #Apartheid #Cellebrite #colonialismo #ControlBiomtrico #Cors

Show thread

Kitsune / Yves 👾Jan 28

For schedules that block cross-origin access in the browser (e.g. #FOSDEM), there's now a small companion project: the Skedz CORS Proxy. A simple proxy with a domain whitelist, easy to self-host or run locally.

Public instance: https://cors.skedz.org
Example: https://cors.skedz.org/https://fosdem.org/2026/schedule/xml
Source (AGPLv3): https://github.com/ysorge/skedz-cors-proxy

#cors #proxy #fahrplan #skedz