You can access APIs blocked by Cross-Origin Resource Sharing (CORS) restriction by using either Hoppscotch Agent, Proxyscotch or custom middleware. You can also use the Hoppscotch web extension to intercept requests and responses.
The Hoppscotch Agent is a micro application designed to mitigate the challenges posed by CORS in modern web browsers. Acting as a local intermediary, it intercepts API requests made through the Hoppscotch web app and reroutes them through your local machine. This means that the Hoppscotch Agent handles requests using your local network configuration.
Download the Hoppscotch Agent for your operating system:
Open Hoppscotch app and navigate to the “Interceptors” section in the “Settings” page.
Locate the “Agent” option within the Interceptors section to initiate a connection to your local agent.
The application will prompt you for a “One-Time Verification Code”. This verification code will be generated within the Hoppscotch Agent.
Enter the verification code into the application to establish a secure connection.
Once connected, all API requests made through the Hoppscotch web app will be routed through Hoppscotch agent, effectively eliminating CORS-related issues.
Recommended interceptor for most users as it is compaitble with all platforms.
A proxy server acts as an intermediary between your device and the internet, forwarding requests and responses to and from the desired API. By routing requests through a proxy, you can bypass CORS restrictions and access APIs that would otherwise be blocked by the browser.
Enable proxy interceptor from “Settings page” under the Interceptors section.
You can replace the default Proxy URL with your own proxy middleware if you wish or use Proxyscotch, which acts as a remote proxy server for routing API requests.
Proxyscotch is our official proxy server. It is an MIT licensed open-source project that can bypass Cross-Origin Resource Sharing (CORS) restrictions by routing API requests through a remotely hosted proxy, ensuring that requests originate from a trusted environment.
To use Proxyscotch with a minimal setup, you can pull and run the official pre-built Docker image. This provides an instant proxy environment without requiring manual compilation or installation.
You can host Proxyscotch on your own server by following the instructions below:
Copy
# Pull the latest Proxyscotch image from Docker Hubdocker pull hoppscotch/proxyscotch# Run the container in detached mode, exposing port 9159docker run -d -p 9159:9159 --name proxyscotch hoppscotch/proxyscotch
The proxy will add a desktop application to your system tray, providing quick access to various proxy settings such as setting the access token. After launching the application, a dialog will prompt you to complete the certificate installation process. For more details on how to install the certificate, visit this wiki.Upon activation, the server will run in the background and interact with the proxy to route and manage requests.
After building the server, use the following command to start the proxy server:
Copy
$ ./out/<platform>-server/server --host="<hostname>:<port>" --token="<token_or_blank>"# e.g. on Linux$ ./out/linux-server/server --host="localhost:9159" --token=""# or on Windows$ ./out/windows-server/server.exe --host="localhost:9159" --token=""
When the token is left blank, it grants unrestricted access to your proxy server. While this might be convenient, please be aware of the potential security risks and consider whether this level of open access is appropriate for your use case.
Once the container is running or the server is active, configure Hoppscotch to use http://localhost:9159 as the Proxy URL in the “Settings” page.This setup will route all API requests through Proxyscotch, facilitating communication with APIs that enforce strict CORS policies.
Since CORS is as simple as adding some HTTP headers, it’s only blocked by the browser. You can build some proxy-like component that will make a call for you and get the response from the desired API. You add it to the headers and then send it back to Hoppscotch.
Click on the Hoppscotch Browser Extension icon from the browser toolbar and ensure that hoppscotch.io is in your active origins. If you are using Hoppscotch Self-Host, add your own domain as a new origin
Refresh the Hoppscotch web app.
Open the interceptor and change the middleware to the browser extensionYou can either go to the settings and enable the use of the browser extension as shown below:
Or you can open the interceptor menu and change the middleware as shown below:
The origin list defines the URLs that the extension can connect to. If you’re using hoppscotch.io, then you do not need to add any other origins. However, if you are using a self-hosted instance, you should add the domain of your self-hosted instance as an active origin.
