wordpress-playground icon indicating copy to clipboard operation
wordpress-playground copied to clipboard

Published 20 hours ago verified publisher icon WordPress

PHP CORS Proxy

Open adamziel opened this issue 7 months ago • 0 comments

Description

Ships a PHP-based CORS proxy we'll need to integrate git clone via fetch().

Assumptions:

  • Run on a separate hostname for increased origin separation, like playground-proxy.wordpress.net. Do not use a subdomain, like proxy.playground.wordpress.net.
  • Stream data both ways, don't buffer.
  • Don't pass auth headers in either direction.
  • Refuse to request private IPs.
  • Refuse to process non-GET non-POST non-OPTIONS requests.
  • Refuse to process POST request body larger than, say, 100KB.
  • Refuse to process responses larger than, say, 100MB.

Follow-up work

  • Start a server at playground-proxy.wordpress.net.
  • Implement rate limiting (could be at the hosting platform level).

Testing instructions

  • Run dev.sh to start a local server, then go to http://127.0.0.1:5263/proxy.php/https://w.org/ and confirm it worked.
  • Run test.sh to run PHPUnit tests, confirm they all pass.

See https://github.com/WordPress/wordpress-playground/issues/1467

adamziel avatar Jun 29 '24 09:06 adamziel