Circumvent CORS on client-side, like it's 2002

What is it for

TL;DR - You'll be able to do cross-origin request using this library and "proxy" page on destination origin.

As you know, you can do asynchronous HTTP requests using Javascript. But majority of web-browser won't allow you to request site which have different "origin", i.e. having different scheme, hostname or port. This doesn't seems convenient, but it significantly reduces surface for CSRF-type attacks. However, you can allow browser to do request by setting HTTP headers related to CORS policies, like "Access-Control-Allow-Origin" and so on. But this is impossible if you don't control webserver that hosts your site or you cannot configure it.

So here is this tool, working this way: you upload wormhole library and page ("Wormhole server") which will act like proxy on target server. Then when you're doing request from page with different origin client part of library creating invisible iframe with this proxy page and communicates with it using postMessage/onmessage mechanism, proxy (having its origin) executes request and returns result via that channel.