| # MangaDex Auth Proxy | |
| Cloudflare Worker CORS proxy for MangaDex OAuth/API setup flows. | |
| This exists for plain HTML tools that need to call MangaDex OAuth from a browser. Browsers block direct cross-origin token responses, so this worker forwards the request and adds CORS headers to the response. | |
| ## Deploy | |
| ```bash | |
| npm install | |
| npm run deploy | |
| ``` | |
| ## Local Development | |
| ```bash | |
| npm install | |
| npm run dev | |
| ``` | |
| ## Usage | |
| ```text | |
| https://your-worker.example/https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token | |
| ``` | |
| Example with placeholder values: | |
| ```bash | |
| curl "https://your-worker.example/https://auth.mangadex.org/realms/mangadex/protocol/openid-connect/token" \ | |
| -H "content-type: application/x-www-form-urlencoded" \ | |
| --data "grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN&client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET" | |
| ``` | |
| ## Allowed Targets | |
| This worker only proxies: | |
| - `https://auth.mangadex.org/*` | |
| - `https://api.mangadex.org/*` | |
| It rejects other hosts so the deployed worker is not a fully open public proxy. | |
| ## Security | |
| The worker can read whatever you send through it. That includes usernames, passwords, client secrets, access tokens, and refresh tokens. | |
| Deploy your own worker and use it only for setup/testing. For scheduled GitHub Actions, store tokens in GitHub Secrets and call MangaDex directly from the action. | |