Proxy not working correctly

[nikita-fuchs]

Hey, after running the docker image and testing the proxy, the transferred data is unfortunately corrupted and also missing the CORS headers (maybe because of the data corruption, as the chrome console tells me about an unexpected end of file).

Regarding data integrity, tested with this random cat pic: https://www.tierfreund.de/wp-content/uploads/2016/09/1.jpg

With proxy:

$ sha2 1.jpg
SHA-256 (1.jpg) = 6e667c6dc98d119f27bd58d95e6059b38c0504d2bffecfa8c91c56c33e16f118

$ ls -l@ 1.jpg
-rw-r--r--@ 1 me  staff  487536 12 Feb  2018 1.jpg

Without proxy:

$ sha2 1.jpg.1
SHA-256 (1.jpg.1) = 309141024afd899bb30bad191af2c79b08968fc42be3f8707b9f3541a54c0c66

$ ls -l@ 1.jpg.1
-rw-r--r--  1 me  staff  270958 12 Feb  2018 1.jpg.1

Maybe I did something wrong?

Edit: There seems to be an issue with image data, it can be recreated by looking at https://cors-container.herokuapp.com/https://google.com

[imjacobclark]

Thanks for this, interesting, I'll take a look - or feel free to submit a PR fix :)

[nikita-fuchs]

I've been able to get it working with nginx, technically you can simply replace your code with that also 😁

default.conf:

server
{
    listen       80;
    server_name  localhost;

	location ~* /proxy/(?<pschema>https?):/(?<phost>[\w.]+)(?<puri>\/.*)	{
      # limit request types
      limit_except GET OPTIONS { deny  all; }

      #add cors
      if ($request_method = 'OPTIONS') {
	        add_header 'Access-Control-Allow-Origin' '*';
                add_header 'Access-Control-Allow-Credentials' 'true';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain charset=UTF-8';
                add_header 'Content-Length' 0;
                return 204;
        }

	if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }

       # Optional: limit URLs to such with media file types at the end
       # if ($uri !~ \.(txt|aif|cda|mid|mp3|mpa|ogg|wav|wma|wpl|7z|arj|deb|pkg|rar|rpm|targz|z|zip|bin|dmg|iso|toast|vcd|csv|dat|db|log|mdb|sav|sql|tar|xml|email|eml|emlx|msg|oft|ost|pst|vcf|apk|bat|bin|com|exe|gadget|jar|msi|py|wsf|fnt|fon|otf|ttf|ai|bmp|gif|ico|jpg|jpeg|png|ps|tif|key|odp|pps|ppt|pptx|c|class|cpp|cs|h|java|sh|swift|ods|xls|xlsm|xlsx|bak|cab|cfg|cpl|cur|dll|dmp|drv|icns|ico|ini|lnk|msi|sys|tmp|3g2|3gp|avi|flv|h264|m4v|mkv|mov|mp4|mpg|rm|swf|vob|wmv|doc|odt|pdf|rtf|tex|txt|wpd)$) {
       #     return 403;
       # }

		set $adr $pschema://$phost;
    		rewrite .* $puri break;
		resolver 8.8.8.8;
    		proxy_pass $adr;
		add_header X-debug-message "adr: $adr" always;
		add_header X-debug-message "puri: $puri" always;
		add_header X-debug-message "pschema: $pschema" always;
		add_header X-debug-message "phost: $phost" always;
    	proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    	proxy_set_header Host $phost;
        proxy_set_header X-NginX-Proxy true;
    	proxy_redirect off;
    	proxy_connect_timeout 1;
    	proxy_intercept_errors on;
 	   	expires 30;
	}

    location /health
    {
        if ($request_method = 'OPTIONS')
        {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            #
            # Custom headers and headers various browsers *should* be OK with but aren't
            #
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            #
            # Tell client that this pre-flight info is valid for 20 days
            #
            add_header 'Access-Control-Max-Age' 1728000;
            add_header 'Content-Type' 'text/plain; charset=utf-8';
            add_header 'Content-Length' 0;
            return 204;
        }
        if ($request_method = 'POST')
        {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }
        if ($request_method = 'GET')
        {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
            add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
        }

        return 200 '{"message": "healthy"}';
        add_header Content-Type application/json;
    }

    location /google/
    {
        proxy_pass https://google.com/;
    }

    location /netflix/
    {
        proxy_pass https://netflix.com/;
    }

}

Dockerfile:

FROM nginx:alpine
COPY default.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
ENTRYPOINT ["nginx","-g","daemon off;"]

working perfectly for me.