Bypass CORS. Build Faster.
blkproxy is a free, zero-config CORS proxy designed for developers who need to instantly access any API during development and testing, without cross-origin restrictions. Built on Vercel's global edge network for maximum performance and reliability.
- π₯ Zero Configuration - No API keys, no sign-ups, no complex setup
- β‘ Lightning Fast - Powered by Vercel's Edge Network for global low latency
- π‘οΈ Secure by Default - Built-in SSRF protection and security headers
- π Auto-Retry - Intelligent retry mechanism for transient network errors
- π± Universal Support - Works with any HTTP method, headers, and request body
- π Global Scale - Infinitely scalable, stateless architecture
- π« No Rate Limits - Unlimited requests for development and testing
- π Privacy Focused - We don't log your request/response data
Simply prepend our URL to your target API endpoint:
const targetUrl = 'https://api.example.com/data';
const proxyUrl = `https://blkproxy.vercel.app/api/proxy?url=${encodeURIComponent(targetUrl)}`;
fetch(proxyUrl)
.then(response => response.json())
.then(data => console.log('β
Success:', data))
.catch(error => console.error('β Error:', error));1-Click Deploy to Vercel:
Or manually:
# Clone the repository
git clone https://github.com/iambhvsh/blkproxy.git
cd blkproxy
# Deploy with Vercel CLI
npx vercelThat's it! Your personal CORS proxy is live in seconds. π
const response = await fetch('https://blkproxy.vercel.app/api/proxy?url=https://jsonplaceholder.typicode.com/posts/1');
const data = await response.json();
console.log(data);const targetUrl = 'https://api.example.com/users';
const proxyUrl = `https://blkproxy.vercel.app/api/proxy?url=${encodeURIComponent(targetUrl)}`;
fetch(proxyUrl, {
method: 'POST',
headers: {
'Content-Type': 'application/json',
'Authorization': 'Bearer your-token'
},
body: JSON.stringify({
name: 'John Doe',
email: '[email protected]'
})
})
.then(response => response.json())
.then(data => console.log('β
User created:', data));import axios from 'axios';
const targetUrl = 'https://api.example.com/data';
const proxyUrl = `https://blkproxy.vercel.app/api/proxy?url=${encodeURIComponent(targetUrl)}`;
const response = await axios.get(proxyUrl);
console.log(response.data);import { useState, useEffect } from 'react';
function useProxyFetch(url) {
const [data, setData] = useState(null);
const [loading, setLoading] = useState(true);
const [error, setError] = useState(null);
useEffect(() => {
const proxyUrl = `https://blkproxy.vercel.app/api/proxy?url=${encodeURIComponent(url)}`;
fetch(proxyUrl)
.then(response => response.json())
.then(data => {
setData(data);
setLoading(false);
})
.catch(err => {
setError(err);
setLoading(false);
});
}, [url]);
return { data, loading, error };
}
// Usage in component
function MyComponent() {
const { data, loading, error } = useProxyFetch('https://api.example.com/data');
if (loading) return <div>Loading...</div>;
if (error) return <div>Error: {error.message}</div>;
return <div>{JSON.stringify(data, null, 2)}</div>;
}blkproxy includes robust protection against Server-Side Request Forgery attacks:
- β
Only
http://andhttps://protocols allowed - β
Blocks requests to
localhostand private IP addresses - β Validates URL format before processing
- β Optional hostname whitelist for production use
For enhanced security in production environments, you can restrict access to specific domains:
Environment Variable: ALLOWED_HOSTS
Format: Comma-separated list of allowed hostnames
# Example in Vercel environment variables
ALLOWED_HOSTS=api.github.com,api.stripe.com,jsonplaceholder.typicode.comWhen configured, only requests to whitelisted domains will be processed.
All responses include comprehensive security headers:
Content-Security-Policy: default-src 'none'; frame-ancestors 'none';X-Content-Type-Options: nosniffX-Frame-Options: DENYStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadReferrer-Policy: no-referrerAccess-Control-Allow-Origin: *
URL: GET/POST/PUT/PATCH/DELETE /api
Query Parameters:
url(required) - The target URL to proxy the request to
Example:
https://blkproxy.vercel.app/api/proxy?url=https://api.example.com/users
URL: GET /api/health
Response:
{
"status": "ok",
"message": "blkproxy is operational",
"timestamp": "2025-01-20T10:30:00.000Z"
}- Bypass CORS during local development
- Test third-party APIs from browser applications
- Prototype with external services quickly
- Explore public APIs from browser dev tools
- Build interactive API documentation
- Create API testing interfaces
- Access APIs from static sites
- Build serverless frontend applications
- Create browser extensions that need API access
- Educational projects and tutorials
- API integration workshops
- Demonstrate web technologies
blkproxy is built for the developer community with trust and transparency:
- π οΈ Development & Testing - Perfect for local development and testing
- π Educational Projects - Great for learning and tutorials
- π API Exploration - Ideal for testing public APIs
- π± Prototyping - Excellent for quick prototypes and demos
- π« Production Applications - Not intended for production traffic
- π« High-Volume Scraping - Respect rate limits of target APIs
- π« Illegal Activities - No malicious or illegal usage
- π« Commercial Abuse - Don't use for large-scale commercial operations
- We don't log request or response bodies
- Your data simply passes through the proxy
- No tracking, no analytics on your API calls
- Respect for your privacy is paramount
blkproxy works seamlessly across all modern browsers:
- β Chrome (Latest)
- β Firefox (Latest)
- β Safari (Latest)
- β Edge (Latest)
- β Opera (Latest)
- β Mobile Browsers (iOS Safari, Chrome Mobile)
When testing locally, serve your HTML files from a local server instead of opening directly in the browser:
# Using Python
python3 -m http.server 8000
# Using Node.js
npx serve
# Using PHP
php -S localhost:8000We welcome contributions from the community! Here's how you can help:
Found a bug? Open an issue with:
- Clear description of the problem
- Steps to reproduce
- Expected vs actual behavior
- Browser and environment details
Have an idea? Start a discussion about:
- What problem it solves
- Proposed implementation
- Use cases and examples
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Add tests if applicable
- Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
Check the current status of blkproxy:
- π Website: blkproxy.vercel.app
- π₯ Health Check: blkproxy.vercel.app/api/health
- Global Edge Network: Sub-100ms response times worldwide
- 99.9% Uptime: Backed by Vercel's infrastructure reliability
- Auto-scaling: Handles traffic spikes automatically
- Runtime: Vercel Edge Runtime
- Language: JavaScript/TypeScript
- Deployment: Vercel Edge Functions
- Network: Global CDN distribution
// Available in the source code
const RETRY_COUNT = 3; // Number of retry attempts
const RETRY_DELAY_MS = 200; // Base retry delay
const ALLOWED_HOSTS_ENV = process.env.ALLOWED_HOSTS; // Whitelist configurationThis project is licensed under the MIT License - see the LICENSE file for details.
Made with β€οΈ by iambhvsh
- π Website: iambhvsh.vercel.app
- π§ GitHub: @iambhvsh
- π¦ Issues: Report here
If blkproxy helps you in your development journey:
- β Star this repository to show your support
- π Report bugs to help us improve
- π‘ Suggest features for future enhancements
- π’ Share with fellow developers who might find it useful