From 434bdbea2c00542bc7fba9e43f70a3a461d70fd2 Mon Sep 17 00:00:00 2001 From: "Yann Esposito (Yogsototh)" Date: Fri, 8 Mar 2024 11:26:52 +0100 Subject: [PATCH] last minute update before deploying --- .../index.org | 21 ++++++++++++------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/src/posts/0025-a-quick-cors-proxy-in-a-few-lines-of-clojure/index.org b/src/posts/0025-a-quick-cors-proxy-in-a-few-lines-of-clojure/index.org index 17265df..e35a114 100644 --- a/src/posts/0025-a-quick-cors-proxy-in-a-few-lines-of-clojure/index.org +++ b/src/posts/0025-a-quick-cors-proxy-in-a-few-lines-of-clojure/index.org @@ -8,17 +8,22 @@ #+options: auto-id:t #+startup: showeverything -I use a HTML file from one of my local directory as homepage. -This HTML file contains in a single one page view, all links I generally want to -jump to. +When I open a new tab in my browser I see my hand-made starter homepage. +This is a single HTML file on my computer. +Not a hosted website. +This homepage is really useful and along the years I added some functionalities: +- organized links for my most frequently used websites +- direct text input to some specialized search engines +- work related links to a lot of different places, I see the APIs, the version + number of the deployed nodes, etc… +- my daily work tasks are displayed there (from org-mode calendar to this page) One of the section of links in this homepage contain a few website I host. -And I wanted to query these websites to make a healthcheck from my file. +And I wanted to query these websites to make a health check from my file. It turns out that you cannot easily make an HTTP call to any external website -from a `file://` in your Browser as your are almost immediately blocked by CORS. +from a =file://= in your Browser as your are almost immediately blocked by /CORS/. -I don't want to explain how CORS are working, most people don't get it correctly -anyway. +I don't want to explain how /CORS/ are working. The important point is that it is a security measure that is *very easy* to circumvent. Here is how to do it: @@ -72,7 +77,7 @@ Here is the code in a few lines of Clojure: #+end_src And that's it, this is a whole web application that will proxy any call to a -website that do not allow you to call from some origin (like my `file://`) and +website that do not allow you to call from some origin (like my =file://=) and will make it work anyway. If you feel that using too many libraries is cheating, here is the actual almost full