Quick and not-so-dirty CORS proxy

Updated April 7, 2024
Created August 21, 2018

Late one night I got a slack message from one of my colleagues:

Message: I need help with a proxy

It's a pretty common issue - you're trying to integrate with another company or 3rd party API and:

The main issue

Sometimes people are bogged down with other work, sysOps is nervous, or even worse slow. This could be due to company process and governance - so not necessarily their fault, but it's still a blocker. If we don't have access to a backend, one option is to spin up our own proxy server.

I'm not the biggest fan of Heroku for use as a production server, however in this case, I can't think of a better tool for the job.

The code

Luckily for us, Walkscore provided a sample script for Making a Server-Side API Request.

I've adapted it below to use environmental variables for the API key, and if you look at the Dirty Proxy Repo you'll see how I deploy it to Heroku

// Sort out our CORS Issues
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: X-Requested-With");

// Function to make a request to the Walkscore API
function getWalkScore($lat, $lon, $address) {
  // Get API Key set in the environment varibles

  $url = "http://api.walkscore.com/score?format=json&address=$address";
  $url .= "&lat=$lat&lon=$lon&wsapikey=$WALKSCORE_API_KEY";
  $str = @file_get_contents($url);

  return $str;

// Get the URL parameters "lat", "lon", and "adress"
$lat = $_GET['lat'];
$lon = $_GET['lon'];
$address = stripslashes($_GET['address']);

$json = getWalkScore($lat,$lon,$address);

echo $json;

Dirty Proxy Repo