Interceptor
Intercept and modify requests and responses.
You can access APIs blocked by Cross-Origin Resource Sharing (CORS)
restriction by using either Hoppscotch Agent, Proxyscotch or custom middleware. You can also use the Hoppscotch web extension to intercept requests and responses.
Hoppscotch Agent
The Hoppscotch Agent is a micro application designed to mitigate the challenges posed by CORS
in modern web browsers. Acting as a local intermediary, it intercepts API requests made through the Hoppscotch web app and reroutes them through your local machine. This means that the Hoppscotch Agent handles requests using your local network configuration.
- Download the Hoppscotch Agent for your operating system:
- Open Hoppscotch app and navigate to the “Interceptors” section in the “Settings” page.
- Locate the “Agent” option within the Interceptors section to initiate a connection to your local agent.
- The application will prompt you for a “One-Time Verification Code”. This verification code will be generated within the Hoppscotch Agent.
- Enter the verification code into the application to establish a secure connection.
Once connected, all API requests made through the Hoppscotch web app will be routed through Hoppscotch agent, effectively eliminating CORS-related issues.
Hoppscotch Agent
The Hoppscotch Agent is a micro application designed to mitigate the challenges posed by CORS
in modern web browsers. Acting as a local intermediary, it intercepts API requests made through the Hoppscotch web app and reroutes them through your local machine. This means that the Hoppscotch Agent handles requests using your local network configuration.
- Download the Hoppscotch Agent for your operating system:
- Open Hoppscotch app and navigate to the “Interceptors” section in the “Settings” page.
- Locate the “Agent” option within the Interceptors section to initiate a connection to your local agent.
- The application will prompt you for a “One-Time Verification Code”. This verification code will be generated within the Hoppscotch Agent.
- Enter the verification code into the application to establish a secure connection.
Once connected, all API requests made through the Hoppscotch web app will be routed through Hoppscotch agent, effectively eliminating CORS-related issues.
Proxy
A proxy server acts as an intermediary between your device and the internet, forwarding requests and responses to and from the desired API. By routing requests through a proxy, you can bypass CORS restrictions and access APIs that would otherwise be blocked by the browser.
- Enable proxy interceptor from “Settings page” under the Interceptors section.
- You can replace the default Proxy URL with your own proxy middleware if you wish or use Proxyscotch, which acts as a remote proxy server for routing API requests.
Proxyscotch
Proxyscotch is our official proxy server. It is an MIT licensed open-source project that can bypass Cross-Origin Resource Sharing (CORS) restrictions by routing API requests through a remotely hosted proxy, ensuring that requests originate from a trusted environment.
Self-Hosted Proxyscotch
To use Proxyscotch with a minimal setup, you can pull and run the official pre-built Docker image. This provides an instant proxy environment without requiring manual compilation or installation. You can host Proxyscotch on your own server by following the instructions below:
Proxyscotch Installer
If you prefer a native installation, download and install both the Desktop and Server binaries for your operating system.
The proxy will add a desktop application to your system tray, providing quick access to various proxy settings such as setting the access token. After launching the application, a dialog will prompt you to complete the certificate installation process. For more details on how to install the certificate, visit this wiki.
Upon activation, the server will run in the background and interact with the proxy to route and manage requests.
Building Proxyscotch from Source
If you prefer to build and run Proxyscotch manually from source, you can clone the repository and compile the binaries for your platform.
Follow the platform-specific instructions below to build the proxy and server from source for your operating system:
out/
directory. Running the Proxyscotch Server
After building the server, use the following command to start the proxy server:
Available Server Options
After running the Proxyscotch server, you can customize its behavior using various command-line options.
Option | Description |
---|---|
--host="<hostname>:<port>" | Define the host and port (default: localhost:9159 ). |
--token="<token>" | Set an access token to restrict proxy usage (leave blank for open access). |
--allowed-origins="*" | Comma-separated list of allowed origins for CORS. |
--banned-outputs="<values>" | Comma-separated list of response values to redact. |
--banned-dests="<hosts>" | Comma-separated list of blocked destination hosts. |
Configure Proxyscotch in Hoppscotch
Once the container is running or the server is active, configure Hoppscotch to use http://localhost:9159
as the Proxy URL in the “Settings” page.
This setup will route all API requests through Proxyscotch, facilitating communication with APIs that enforce strict CORS policies.
Browser Extension
Since CORS
is as simple as adding some HTTP headers, it’s only blocked by the browser. You can build some proxy-like component that will make a call for you and get the response from the desired API. You add it to the headers and then send it back to Hoppscotch.
How to use the Browser Extension
-
Install the browser extension from the below links:
-
Click on the Hoppscotch Browser Extension icon from the browser toolbar and ensure that
hoppscotch.io
is in your active origins. If you are using Hoppscotch Self-Host, add your own domain as a new origin -
Refresh the Hoppscotch web app.
-
Open the interceptor and change the middleware to the browser extension
You can either go to the settings and enable the use of the browser extension as shown below:
Or you can open the interceptor menu and change the middleware as shown below:
Origins
The origin list defines the URLs that the extension can connect to. If you’re using hoppscotch.io, then you do not need to add any other origins. However, if you are using a self-hosted instance, you should add the domain of your self-hosted instance as an active origin.
Was this page helpful?