Skip to main content

CORS proxy and web server for static apps

Project description

Corsa proxies HTTP requests, adds CORS headers and can also serve your static web application.


  • proxy requests for /proxy/http://host/path to http://host/path
  • set Access-Control-Allow-Origin headers
  • support for CORS preflight requests
  • serve static content from /app/ (--app-dir)
  • limit proxy hosts (--allow-proxy)
  • limit origin (--allow-origin)

Corsa is powered by Python and Tornado and is licensed under the MIT license.


You have a static web app in ./mywebapp that loads images from http://imagesource.example and stores them in a local CouchDB? Due to the cross-domain restrictions of all modern browsers, you won’t be able to access the image data and you won’t be able to access the CouchDB. Cross-origin resource sharing (CORS) is a mechanism to work around that and Corsa will set the appropriate CORS headers for you.

Start Corsa:

% corsa --app-dir ./mywebapp --allow-proxy http://imagesource.example,http://localhost:5984

Configure your web app to use /proxy/http://imagesource.example as the image source and /proxy/http://localhost:5984 as your CouchDB URL and go to http://localhost:8888/app/index.html.

If you application is allready running at http://localhost:8080:

% corsa --allow-proxy http://imagesource.example,http://localhost:5984 --allow-origin http://localhost:8080


To proxy specific URLs:

% corsa --allow-proxy --allow-origin ALL

% curl http://localhost:8888/proxy/ -D -
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *

You can restrict proxying to specific origins. Origin should be the host where your requests to Corsa comes from.

% corsa --allow-proxy --allow-origin http://myexample

% curl http://localhost:8888/proxy/ -H 'Origin: http://myexample' -D -
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://myexample

% curl http://localhost:8888/proxy/ -H 'Origin: http://otherdomain' -D -
HTTP/1.1 403 Forbidden

You can also host a static web app with Corsa:

% mkdir app
% echo 'hello' >> app/index.html
% corsa --app-dir app

% curl http://localhost:8888/app/index.html -D -
HTTP/1.1 200 OK
Content-Length: 6
Content-Type: text/html


--allow-origin defaults to SELF which is an alias for the URL of the Corsa server. This way your web app is able to make requests to all --allow-proxy hosts by default.

You can permit all origins and proxy hosts with the ALL alias:

% corsa --allow-proxy ALL --allow-origin ALL

% curl http://localhost:8888/proxy/ -D -
HTTP/1.1 200 OK

Corsa listens to http://localhost:8888 by default, but you can change that with the --bind option:

% corsa --bind :9999
% corsa --bind
% corsa --bind


Corsa is written in Python and requires Tornado. It was tested with Python 2.7/3.3 and Tornado 3.1.

Corsa is hosted on pypi so you can install it with:

pip install corsa

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

corsa-0.1.2.tar.gz (4.4 kB view hashes)

Uploaded source

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page