dev-master / 1.0.x-dev 2018-09-21 14:12 UTC

This package is auto-updated.

Last update: 2021-04-21 12:48:48 UTC


Latest Version on Packagist Total Downloads

Formerly known as "PHP Cross Domain (AJAX) Proxy"

PHP CORS Proxy is a simple php script that allows cross domain requests. It can be used to access resources from third party websites when it's not possible to enable CORS on target website i.e. when you don't own that website.

Note: Please check whether this solution is indeed necessary by having a look on how you can enable CORS on your server.



  • Acts as a reverse proxy: request headers and data are propagated from proxy to server. Similarly, response headers and data are propagated from proxy to client.
  • Provides support for all methods GET, POST, PUT, DELETE.
  • Provides also support for HTTPS.
  • Requests can be filtered against a list of trusted domains or URLs.
  • External configuration (Work in progress)
  • Error handling i.e. when server is not available (Work in progress)
  • Debugging mode (Work in progress)


PHP Cors Proxy works with PHP 5.3+ or above.



PHP CORS Proxy is licensed under GPL-3.0. See LICENCE.txt file for further details.


Using composer

composer require softius/cors-proxy

Manual installation

The proxy is indentionally limited to a single file. All you have to do is to place proxy.php under the public folder of your application.


For security reasons don't forget to define all the trusted domains / URLs into top section of proxy.php file:

$valid_requests = array(

Note: There is currently ongoing work to allow configuration outside the proxy.php


It is possible to initiate a cross domain request either by providing the X-Proxy-URL header or by passing a special GET parameter. The former method is strongly suggested since it doesn't modify the request query. Also, the request looks more clear and easier to understand.

Using headers

It is possible to specify the target URL by using the X-Proxy-URL header, which might be easier to set with your JavaScript library. For example, if you wanted to automatically use the proxy for external URL targets, for GET and POST requests:

$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
    if (options.url.match(/^https?:/)) {
        options.headers['X-Proxy-URL'] = options.url;
        options.url = '/proxy.php';

The following example uses curl

curl -v -H "X-Proxy-URL:"

Using query

In order to make a cross domain request, just make a request to and specify the target URL by using the csurl (GET) parameter. Obviously, you can add more parameters according to your needs; note that the rest of the parameters will be used in the cross domain request. For instance, if you are using jQuery:

    '', {
        csurl: '',
        param1: value1,
        param2: value2

The following example uses curl

curl -v ""