A lightweight, serverless proxy service running on Cloudflare Workers. This proxy allows you to route requests through your Cloudflare Workers instance to any URL, with built-in CORS support and security features.
- π Serverless - Runs on Cloudflare's global edge network
- π CORS Enabled - Full CORS support for cross-origin requests
- π Secure - Only allows HTTP/HTTPS protocols
- β‘ Fast - Low latency with Cloudflare's global infrastructure
- π‘οΈ Error Handling - Comprehensive error handling and validation
- π Request Headers - Properly forwards headers to target URLs
Once deployed, you can use the proxy by appending the target URL to your worker's URL:
https://your-worker.workers.dev/https://example.com
Basic GET request:
curl https://your-worker.workers.dev/https://api.github.com/users/githubWith query parameters:
curl https://your-worker.workers.dev/https://api.example.com/data?param1=value1¶m2=value2POST request:
curl -X POST https://your-worker.workers.dev/https://api.example.com/submit \
-H "Content-Type: application/json" \
-d '{"key": "value"}'From JavaScript:
fetch('https://your-worker.workers.dev/https://api.example.com/data')
.then(response => response.json())
.then(data => console.log(data));This is the easiest way to deploy! No installation required.
Step 1: Go to Cloudflare Workers Dashboard
Step 2: Click "Create a Service" or "Create Worker"
Step 3: Give your worker a name (e.g., my-proxy)
Step 4: Copy the entire content of worker.js file
Step 5: Paste it into the Cloudflare Workers editor (replace all existing code)
Step 6: Click "Save and Deploy"
Done! Your proxy is now live at https://your-worker-name.workers.dev π
If you prefer using the command line:
- Node.js (v16 or later)
- A Cloudflare account
- Wrangler CLI
npm installnpx wrangler loginnpm run deployBefore deploying, you can test the worker locally:
npm run devThis will start a local development server at http://localhost:8787.
You can customize the worker by editing wrangler.toml:
name = "workers-proxy" # Your worker name
main = "src/index.ts" # Entry point
compatibility_date = "2024-01-01" # Compatibility date
# Optional: Configure CPU limits
# [limits]
# cpu_ms = 50
# Optional: Add environment variables
# [vars]
# ENVIRONMENT = "production"
# ALLOWED_DOMAINS = "example.com,api.example.com"When the proxy successfully forwards your request, you'll receive the response from the target URL with additional headers:
X-Proxied-By: Cloudflare-Workers-Proxy- Indicates the response was proxiedX-Target-URL: <target-url>- Shows the actual URL that was proxiedAccess-Control-Allow-Origin: *- CORS header for cross-origin access
Invalid URL (400):
{
"error": "Invalid URL",
"message": "Please provide a valid URL to proxy",
"usage": "https://your-worker.workers.dev/https://example.com"
}Invalid Protocol (400):
{
"error": "Invalid Protocol",
"message": "Only HTTP and HTTPS protocols are supported"
}Proxy Error (502):
{
"error": "Proxy Error",
"message": "Failed to proxy request",
"target": "https://example.com/path"
}- β Only HTTP and HTTPS protocols are allowed
- β CORS headers are properly set
- β Sensitive Cloudflare headers are stripped
- β Host header is properly set for target requests
For production use, consider adding:
- Rate Limiting - Prevent abuse by limiting requests per IP
- Domain Whitelist - Only allow proxying to specific domains
- Authentication - Require API keys or tokens
- Request Size Limits - Prevent large payload attacks
- Logging - Track usage and potential abuse
You can modify the code to only allow specific domains:
const ALLOWED_DOMAINS = ['api.example.com', 'example.org'];
// After URL validation
if (!ALLOWED_DOMAINS.includes(target.hostname)) {
return new Response(
JSON.stringify({
error: 'Domain Not Allowed',
message: 'This domain is not whitelisted for proxying',
}),
{
status: 403,
headers: {
'Content-Type': 'application/json',
'Access-Control-Allow-Origin': '*',
},
}
);
}- CORS Proxy - Bypass CORS restrictions for development/testing
- API Gateway - Central point for API requests
- Request Logging - Monitor and log API requests
- Header Injection - Add authentication headers to requests
- Content Transformation - Modify responses before returning
workers-proxy/
βββ src/
β βββ index.ts # Main worker code
βββ wrangler.toml # Cloudflare Workers configuration
βββ package.json # Node.js dependencies
βββ README.md # This file
Run the worker locally with hot reloading:
npm run devThen test with:
curl http://localhost:8787/https://example.comView logs in the Cloudflare dashboard or use wrangler tail:
npx wrangler tailCloudflare Workers offers a generous free tier:
- Free Tier: 100,000 requests/day
- Paid Plan: $5/month for up to 10 million requests
See Cloudflare Workers Pricing for details.
Solution: Make sure you're providing the full URL including the protocol (http:// or https://)
# β Wrong
https://your-worker.workers.dev/example.com
# β
Correct
https://your-worker.workers.dev/https://example.comSolution: The proxy automatically handles CORS. Make sure you're making requests to the proxy URL, not the target URL directly.
Solution: Cloudflare Workers have a 50ms CPU time limit on the free plan. For heavy processing, consider upgrading to the paid plan.
Contributions are welcome! Please feel free to submit a Pull Request.
MIT License - feel free to use this in your own projects.
- Inspired by various CORS proxy implementations
- Built with Cloudflare Workers
- Converted from Deno Deploy implementation
If you encounter any issues or have questions:
- Check the Cloudflare Workers Documentation
- Search for existing issues or create a new one
- Join the Cloudflare Discord
Note: This proxy is for educational and development purposes. Be mindful of the rate limits and terms of service of the APIs you're proxying to. Always implement proper security measures for production use.