CORS proxy
Overview
Section titled “Overview”proxy.coragem.app is a CORS proxy used by browser-based clients where direct cross-origin calls are not possible.
Entry points
Section titled “Entry points”- Proxy: https://proxy.coragem.app/
Where it runs
Section titled “Where it runs”- Published via the reverse proxy on
web.core.lef(np-web) (vhost:proxy.coragem.app.conf). - Backend runs on:
tools.core.lef(np-tools) - NGINX upstream:
proxy_coragem_app→tools.core.lef:3005
Access & security notes
Section titled “Access & security notes”A proxy service is high-risk by default. Keep it controlled:
- Restrict allowed target hosts/paths (avoid “open proxy” behavior).
- Restrict allowed origins and methods.
- Add rate limiting if exposed to the internet.
Known risks / failure modes
Section titled “Known risks / failure modes”- Misconfiguration turns it into an open proxy.
- Incorrect allowlist blocks legitimate traffic.