Explore: PHP CORS Proxy #1546

@adamziel adamziel commented Jun 29, 2024

Work in progress.

To integrate [git clone](https://adamadam.blog/2024/06/21/cloning-a-git-repository-from-a-web-browser-using-fetch/) via fetch(), we need a CORS proxy. This PR explores an implementation.

Assumptions:

  • It will run on a separate hostname – ideally not even a subdomain
  • No auth headers should make it through either way
  • No requests to private IPs
  • Stream data both ways, don't buffer

Remaining work:

  • Rigorously review the private IPs filter, the current one comes from ChatGPT and I don't trust it
  • For now, refuse to process non-GET non-POST non-OPTIONS requests
  • Refuse to process POST request body larger than, say, 100KB
  • Refuse to process responses larger than, say, 100MB
  • Smart rate limiting
  • Support for query args
  • More unit tests

Testing instructions

  • Run dev.sh to start a local server, then go to http://127.0.0.1:5263/proxy.php/https://w.org/ and confirm it worked.
  • Run test.sh to run PHPUnit tests, confirm they all pass.

See #1467
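
One way to approach the "no requests to private IPs" assumption and the filter review listed above, as an added example that is not code from this PR. The names `BLOCKED_CIDRS`, `in_cidr`, `is_public_ip` and `vet_target`, the blocklist contents and the sample hostnames are all assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the PR's own filter.
const BLOCKED_CIDRS = [
    '0.0.0.0/8', '10.0.0.0/8', '100.64.0.0/10', '127.0.0.0/8', '169.254.0.0/16',
    '172.16.0.0/12', '192.0.0.0/24', '192.168.0.0/16', '198.18.0.0/15',
    '224.0.0.0/4', '240.0.0.0/4', '::/128', '::1/128', 'fc00::/7', 'fe80::/10', 'ff00::/8',
];

function in_cidr(string $ipBin, string $cidr): bool {
    [$net, $bits] = explode('/', $cidr);
    $netBin = inet_pton($net);
    if (strlen($netBin) !== strlen($ipBin)) return false; // other address family
    $full = intdiv((int) $bits, 8);                       // whole bytes in the prefix
    if (substr($ipBin, 0, $full) !== substr($netBin, 0, $full)) return false;
    $rem = (int) $bits % 8;                               // leftover prefix bits
    if ($rem === 0) return true;
    $mask = (0xFF << (8 - $rem)) & 0xFF;
    return (ord($ipBin[$full]) & $mask) === (ord($netBin[$full]) & $mask);
}

function is_public_ip(string $ip): bool {
    $bin = @inet_pton($ip);
    if ($bin === false) return false;                     // not an IP literal at all
    // Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is judged by the IPv4 rules.
    if (strlen($bin) === 16 && substr($bin, 0, 12) === str_repeat("\0", 10) . "\xff\xff") {
        $bin = substr($bin, 12);
    }
    foreach (BLOCKED_CIDRS as $cidr) {
        if (in_cidr($bin, $cidr)) return false;
    }
    return true;
}

// Returns [host, port, vetted IP] for the caller to connect to, or null to refuse.
function vet_target(string $url, ?callable $resolver = null): ?array {
    $p = parse_url($url);
    $scheme = strtolower($p['scheme'] ?? '');
    if (!in_array($scheme, ['http', 'https'], true) || empty($p['host'])) return null;
    $host = trim($p['host'], '[]');
    $port = $p['port'] ?? ($scheme === 'https' ? 443 : 80);
    // gethostbynamel() returns A records only; AAAA lookups would need dns_get_record().
    $ips = @inet_pton($host) !== false ? [$host] : ($resolver ?? 'gethostbynamel')($host);
    if (!$ips) return null;
    foreach ($ips as $ip) if (!is_public_ip($ip)) return null; // one bad record refuses all
    return [$host, $port, $ips[0]];
}

// Constructed inputs; the fake resolver stands in for DNS so this runs offline.
// 203.0.113.10 is a documentation address used here as a stand-in public IP.
$dns = fn(string $h) => ['public.example' => ['203.0.113.10'], 'internal.example' => ['10.0.0.5']][$h] ?? false;
foreach (['https://public.example/', 'http://internal.example/', 'http://[::ffff:127.0.0.1]/',
          'http://169.254.169.254/', 'ftp://public.example/'] as $url) {
    echo str_pad($url, 30), vet_target($url, $dns) ? 'allow' : 'refuse', "\n";
}
```

Checking the resolved address only helps if the outbound request then connects to that same address, for example by passing it to curl through `CURLOPT_RESOLVE`, and if redirects are either disabled or re-vetted hop by hop.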
