npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

xcop

v1.0.2

Published

An XHR Cross Origin Proxy allows you to make XHR requests to different friendly API services.

Downloads

26

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

donavondonavonrevelcwrevelcw

Keywords

XHRCORSXMLHttpRequest

Readme

XCOP

Introduction

XCOP (XHR Cross Origin Proxy) allows you to make XHR requests to different friendly API services.

I'm sure that you've faced this dilemma... You web application needs to "phone home" via XMLHttpRequest call back to your site to get some information. You'd like these XHR calls to use HTTPS (maybe they contain some PII). The problem is that you've served the HTML, CSS, JavaScript, and images from an HTTP server and that would constitute a cross origin call. Historically, you were left with few options:

  1. Serve the site from the same origin as the web services.
  2. Use CORS. But this adds latency as the browser must make an additional OPTIONS request before the original request. it also requires setting up CORS headers on the server side.
  3. Use a reverse proxy server on the domain that served your HTML file. This can be, in some cases, difficult to setup, and is slower than hitting the destination server directly.

Enter XCOP!

With XCOP you can effectively make cross origin XHR requests with full verbs (not only GET and POST but also PUT, DELETE, PATCH, etc). You can also set HTTP headers to your heart's content. Simply place a simple HTML file on the friendly cross origin server (yes, you need access to the server). Under the covers, XCOP package will load this into an iframe and communicate with it via PostMessage. You will need a fairly modern browser.

Install it

$ npm install xcop

Usage

XCOP us easy to use. Just call XCOP with the origin that you would like to communicate with (xcop.html must be in the root of the cross origin server). XCOP will return a promise that is fulfilled with an XHR object.

Options

You can pass the following options as the second parameter to XCOP:

  • useCors - Instructs XCOP that, even if the origin is different, it should use the built-in XHR. CORS must be setup on the server to use HTTP verbs other than GET/POST and headers.
  • proxyTimeout - Time in seconds to wait for XCOP to be ready. (default = 15)
  • xcopDocument - File name of the "xcop.html" file on the server. Defaults to "/xcop.html".

The returned XHR object accepts a request object that consists of the following:

  • url - the URL that you would like to hit, relative to the origin.
  • headers - an object with key/value pairs.
  • method - the HTTP method (default = "GET").
  • body - a string containing optional data sent in a POST or PUT.

It returns a promise that is fulfilled with a response object. The response object contains the following:

  • status - the HTTP status response (ex: 200 for "OK")
  • body - the body of the response
  • headers - a response header object with key/value pairs.

Example

Let's say that you have a web page that is loaded from http://www.example.com, but you need to post some data to https://api.example.com (i.e. not on the same origin). The code below will show you how to do so.

var xcop = require("xcop");

var origin = "https://api.example.com";
xcop(origin).done(function (xhr) {
    var request = {
        url: "/items/123",
        headers: {"content-type": "application/json"},
        method: "PUT",
        body: JSON.stringify({id: 123, name: "new name"})
    };
    xhr(request).done(function(response) {
        console.log(response.status + " " + response.body);
    }, function (err) {
        console.error("Something went wrong.", err.message);
    });
}, function (err) {
    console.error(err.message);
});

Live Demo

You can also see XCOP in action, live, on the Interwebs! Check out this fiddle. http://jsfiddle.net/donavon/6tozto6v/

Origin White Listing

Instead of opening your web service up to other websites, you may now "white list" which origins are allowed to access your server. To do so, edit the xcop.html file served by the destination server. By default, XCOP allows access from any origin.

var whiteList = [];

To setup a whitelist, replace the whiteList array with the list of your allows origins. In our example above, you may chose to only allow http://www.example.com to use your API. If so, your xcop.html file will read:

var whiteList = ["http://www.example.com"];

You may choose to use different xcop.html files with different white lists for development, QA, and production.

Troubleshooting

Q. I'm getting the error "XCOP is unavailable".
A. You likely have not setup xcop.html in the root of the origin server that you are hitting with XCOP. In the example above, that would be https://api.example.com/xcop.html

Q. How cool is XCOP?
A. Very!

License

For use under MIT license