seatmapv1/cors-anywhere/server.js

// Listen on a specific host via the HOST environment variable
var host = process.env.HOST || '0.0.0.0';
// Listen on a specific port via the PORT environment variable
var port = process.env.PORT || 8088;

// Grab the blacklist from the command-line so that we can update the blacklist without deploying
// again. CORS Anywhere is open by design, and this blacklist is not used, except for countering
// immediate abuse (e.g. denial of service). If you want to block all origins except for some,
// use originWhitelist instead.
var originBlacklist = parseEnvList(process.env.CORSANYWHERE_BLACKLIST);
var originWhitelist = parseEnvList(process.env.CORSANYWHERE_WHITELIST);
function parseEnvList(env) {
  if (!env) {
    return [];
  }
  return env.split(',');
}

// Set up rate-limiting to avoid abuse of the public CORS Anywhere server.
var checkRateLimit = require('./lib/rate-limit')(process.env.CORSANYWHERE_RATELIMIT);
// console.log(checkRateLimit);

// var cors_proxy = require('./lib/cors-anywhere');
// cors_proxy.createServer({
//   originBlacklist: originBlacklist,
//   originWhitelist: originWhitelist,
//   // requireHeader: ['origin', 'x-requested-with'],
//   // checkRateLimit: checkRateLimit,
//   removeHeaders: [
//     'cookie',
//     'cookie2',
//     // Strip Heroku-specific headers
//     'x-heroku-queue-wait-time',
//     'x-heroku-queue-depth',
//     'x-heroku-dynos-in-use',
//     'x-request-start',
//   ],
//   redirectSameOrigin: true,
//   httpProxyOptions: {
//     // Do not add X-Forwarded-For, etc. headers, because Heroku already adds it.
//     xfwd: false,
//   },
// }).listen(port, host, function() {
//   console.log('Running CORS Anywhere on ' + host + ':' + port);
// });


var fs = require('fs');
var host = process.env.HOST || '0.0.0.0';
var port = process.env.PORT || 8088;

var cors_proxy = require('./lib/cors-anywhere');
cors_proxy.createServer({
    httpsOptions: {
        key: fs.readFileSync('/etc/letsencrypt/live/zinomedia.de/privkey.pem'),
        cert: fs.readFileSync('/etc/letsencrypt/live/zinomedia.de/fullchain.pem')
    },
    //originWhitelist: [],
    originWhitelist: ['https://zinomedia.de' , 'https://purchase.tickets.com', 'http://purchase.tickets.com', 'http://zinomedia.de', 'https://purchase.tickets.zinomedia.de', 'http://purchase.tickets.zinomedia.de', 'http://seatmap-testing.zinomedia.de', 'https://seatmap-testing.zinomedia.de'],
    // requireHeader: ['origin', 'x-requested-with'],
    requireHeader: [],
    removeHeaders: ['cookie', 'cookie2'],
    // checkRateLimit: checkRateLimit,
}).listen(port, host, function() {
    console.log('Running CORS Anywhere on ' + host + ':' + port);
});