4:["$","$L1b",null,{"locale":"ru","now":"$D2026-04-05T17:38:35.782Z","timeZone":"UTC","messages":{"nav":{"projects":"Проекты","docs":"Документация","features":"Возможности","account":"Аккаунт","organizations":"Организации","staff":"Персонал","blog":"Блог","settings":"Settings","sidebarTitle":"App"},"common":{"pricingNoPayment":"Сейчас CorsAPI полностью бесплатен; позже могут появиться платные тарифы."},"authPage":{"brandLink":"Back to home","login":{"eyebrow":"Sign in","title":"Welcome back","subtitle":"Use your email or Google / GitHub to open the dashboard.","noAccount":"No account yet?","registerLink":"Create one","google":"Continue with Google","github":"Continue with GitHub","oauthDisabledHint":"Not configured on the server. Set GOOGLE_CLIENT_ID / GOOGLE_CLIENT_SECRET and GITHUB_CLIENT_ID / GITHUB_CLIENT_SECRET in the backend .env.","divider":"or continue with email","email":"Email","password":"Password","forgot":"Forgot password?","submit":"Sign in","submitting":"Signing in…","resendHint":"You can resend the verification email if it didn't arrive.","resend":"Resend verification email","configError":"Session signing is not configured (JWT_SECRET). Set environment variables before using auth in production.","verifyToast":"We sent a verification link. Check your inbox.","resendToast":"Request received. If the account exists and is unverified, an email will be sent.","legalNotice":"Входя в систему, вы соглашаетесь с Условиями обслуживания и Уведомлением о конфиденциальности."},"register":{"eyebrow":"Create account","title":"Get started","subtitle":"Создайте бесплатный аккаунт. Войдите через OAuth Google/GitHub или используйте email.","hasAccount":"Already have an account?","loginLink":"Sign in","name":"Name (optional)","namePlaceholder":"Your name","email":"Email","password":"Password (min 8)","passwordPlaceholder":"At least 8 characters","passwordPolicy":"Use at least 8 characters for your password.","submit":"Create account","submitting":"Creating…","success":"Your account has been created.","legalNotice":"Создавая аккаунт, вы подтверждаете, что прочитали и принимаете Условия обслуживания и Уведомление о конфиденциальности."},"forgot":{"eyebrow":"Password","title":"Reset password","subtitle":"If SMTP is configured, we'll email you a reset link.","backLogin":"Back to sign in","email":"Email","submit":"Send link","submitting":"Sending…","toastOk":"If this email is registered, you'll receive reset instructions.","devTitle":"Development mode","devGoto":"Open reset page with this token"},"reset":{"eyebrow":"New password","title":"Choose a new password","subtitle":"Paste the token from your email and set a new password.","backLogin":"Back to sign in","token":"Reset token","password":"New password","submit":"Update password","submitting":"Saving…","toastOk":"Password updated. You can sign in."}},"seo":{"ogImageAlt":"CorsAPI — CORS-прокси, квоты и аналитика API","breadcrumbHome":"Главная","home":{"title":"CorsAPI — CORS-прокси, квоты и аналитика API","description":"Направляйте браузерный трафик через управляемый CORS-прокси: allowlist origin, API-ключи, минутные квоты и задержка p95. Самостоятельный хостинг. Начните с бесплатного уровня.","keywords":"CORS прокси, API-шлюз, rate limit, браузерный API, X-CorsAPI-Key, заголовки квот, аналитика API"},"docs":{"title":"Документация — руководство CorsAPI","description":"Полное руководство по продукту (~10+ мин): панель и проекты, CORS origin, списки хостов/путей, API-ключи, примеры curl и fetch, квоты, ошибки, health и OpenAPI.","keywords":"документация CorsAPI, CORS прокси, API-ключ, руководство, X-RateLimit, curl, OpenAPI"},"privacy":{"title":"Уведомление о конфиденциальности — CorsAPI","description":"Как CorsAPI обрабатывает учётную запись, конфигурацию проектов и сводки использования; ваши права по законам о данных. Ответственность при self‑hosted.","keywords":"конфиденциальность CorsAPI, обработка данных, self-hosted"},"terms":{"title":"Условия использования — CorsAPI","description":"Условия CorsAPI: законное использование, запреты, отсутствие ответственности за злоупотребления на незаконных или азартных сайтах без сведения, ограничение ответственности.","keywords":"условия CorsAPI, допустимое использование, политика API-прокси"},"features":{"title":"Features — CORS proxy, API gateway & observability for teams","description":"Explore CorsAPI: managed CORS and preflight, host and path allowlists, per-project API keys, per-minute quotas, p95 latency analytics, security policies, organizations, OpenAPI, health checks, and a documented free tier you can self-host.","keywords":"CorsAPI features, CORS proxy, API gateway, browser API access, rate limit, API keys, p95 latency, security policy, OpenAPI, self-hosted API proxy, observability"},"blog":{"title":"Блог — руководства CorsAPI по CORS, API и прокси","description":"Технические статьи о CORS, preflight, OAuth, лимитах, наблюдаемости и эксплуатации шлюзов. На всех поддерживаемых языках.","keywords":"блог CORS, API прокси, preflight, OAuth, rate limit, nginx CORS, GraphQL CORS, гайды CorsAPI"}},"blogPage":{"heroEyebrow":"Блог","heroTitle":"Гайды по более безопасным браузерным API","heroSubtitle":"Подробно о CORS, прокси, OAuth и продакшн-шлюзах — на каждом языке, который мы поддерживаем.","linkDocs":"Документация","linkFeatures":"Возможности","pillarTitle":"Начните с этих материалов","pillarSubtitle":"Базовые статьи, связанные с документацией и настройкой прокси.","readArticle":"Читать статью","backToBlog":"К списку статей","published":"Опубликовано","updated":"Обновлено","minRead":"{minutes} мин чтения","relatedTitle":"Похожие материалы"},"featuresPage":{"heroEyebrow":"Product","heroTitle":"A complete control plane for browser-safe API traffic","heroSubtitle":"Self-hosted CORS proxy with allowlists, quotas, API keys, observability, and team governance — so your frontends can call third-party APIs without turning your network into an open relay.","ctaRegister":"Create account","ctaDocs":"Read the guide","linkBlog":"Technical blog","linkHome":"Home","introTitle":"Why teams use CorsAPI for cross-origin API access","introP1":"Modern web apps constantly call payment, identity, analytics, and partner APIs. Browsers enforce the same-origin policy and CORS; misconfiguration shows up as silent failures in production. CorsAPI centralizes CORS rules, allowed upstream hosts and paths, and per-project rate limits so your product teams can ship faster without patching every upstream service.","introP2":"You keep data in your own infrastructure. The dashboard is where you create projects, list browser origins, define which DNS names and URL prefixes may be reached, and issue API keys. Traffic is attributed to a project key, so you can rotate credentials, read usage, and spot spikes before they become outages.","introP3":"Whether you run a single-page app, a mobile app with a WebView, or server-side workers that call the same proxy, the same policy model applies: explicit allowlists, quotas, and analytics — not a generic open proxy.","statsHeading":"Free tier at a glance","statsSub":"Numbers below reflect the active limits for new workspaces on this deployment. Use them when sizing staging and production projects.","stats":{"projectsLabel":"Projects per account","projectsDesc":"Separate workspaces for staging, production, or product lines.","rpmLabel":"Requests per minute (ceiling)","rpmDesc":"Per-project cap you can tune within the free-tier ceiling.","originsLabel":"Browser origins per project","originsDesc":"Localhost ports, preview URLs, and production domains."},"scenariosHeading":"Built for real delivery workflows","scenariosSub":"From local development to production rollouts — the same policy primitives apply.","scenario1Title":"Frontend teams shipping SPAs","scenario1Body":"List every origin you need in development and production, then tighten hosts and paths as integrations stabilize. The proxy tester in the dashboard reproduces the same CORS and policy behavior your users see.","scenario1B1":"Origin list covers localhost and preview deployments","scenario1B2":"Host and path rules prevent accidental wide-open calls","scenario1B3":"Quota headers help you throttle before hard errors","scenario2Title":"Platform & SRE operators","scenario2Body":"Health routes support readiness probes; daily usage and error rates highlight regressions. p95 latency samples alongside volume help you distinguish upstream slowness from client-side issues.","scenario2B1":"Health endpoints for liveness and readiness checks","scenario2B2":"Daily rollups for requests, errors, and latency","scenario2B3":"Per-project keys for clear ownership and rotation","scenario3Title":"Security-conscious organizations","scenario3Body":"Method allowlists, body size limits, header filtering, and optional hardening response headers reduce leakage and abuse. Organizations and roles keep governance aligned as teams grow.","scenario3B1":"Policy per project, not per ad-hoc server patch","scenario3B2":"Header filtering and IP controls where you enable them","scenario3B3":"Export and deletion workflows for privacy programs","groups":{"proxy":{"title":"Proxy & gateway","lead":"CORS, allowlists, and quotas — the traffic that leaves your browser or server passes through rules you define.","items":{"cors":{"title":"CORS & OPTIONS preflight","desc":"Define browser origins per line; the proxy emits CORS responses that match your project policy — no ad-hoc patches on upstream services."},"hosts":{"title":"Host & path allowlists","desc":"Only your approved upstream hosts and path prefixes are reachable. Not an open relay — traffic is constrained to rules you configure."},"keys":{"title":"API keys per project","desc":"Issue and revoke keys with prefixes; send X-CorsAPI-Key or Authorization: Bearer from browsers or servers within your free-tier limits."},"quota":{"title":"Per-minute quotas & headers","desc":"Set a configurable requests-per-minute cap per project; successful responses can include quota hints (e.g. X-RateLimit-* style headers)."}}},"observe":{"title":"Observability","lead":"See volume, errors, and latency in one place — before users open a ticket.","items":{"usage":{"title":"Daily usage & errors","desc":"Per-project daily rollups: request counts, 4xx/5xx breakdowns, and latency aggregates — so you see trends before users do."},"p95":{"title":"p95 latency samples","desc":"Track upstream slowness with percentile latency samples alongside volume — useful for SLOs and regressions."},"tester":{"title":"In-dashboard proxy tester","desc":"Send test requests through the proxy from the browser with method, URL, extra headers, and optional body — your CORS and policy rules apply."}}},"secure":{"title":"Security & policy","lead":"Tighten what methods, headers, and bodies can flow through the proxy for each project.","items":{"policy":{"title":"Per-project security policy","desc":"HTTP method allowlists, max body size, client IP allowlists, strip or block headers, upstream HTTPS expectations, timeouts, and redirect limits."},"headers":{"title":"Header filtering","desc":"Control which request headers reach upstream and which response headers return to the client — reduce cookie leakage and fingerprinting."},"stack":{"title":"Optional security response headers","desc":"Toggle common hardening headers on responses from the proxy to improve browser-side safety for your frontends."}}},"platform":{"title":"Platform & compliance","lead":"Accounts, teams, machine-readable API descriptions, and privacy-friendly operations.","items":{"orgs":{"title":"Organizations & roles","desc":"Collaborate with teams: workspaces, projects, and roles (owner, admin, member) for shared governance."},"auth":{"title":"Accounts & email verification","desc":"Sign-up with SMTP-backed verification where configured; password flows and session cookies for the dashboard."},"openapi":{"title":"OpenAPI & health endpoints","desc":"Machine-readable API descriptions for integrations; interactive docs when your deployment exposes them. Health routes such as /health/live and /health/ready for probes and deploys."},"tier":{"title":"Documented free-tier limits","desc":"Public GET /api/plan/limits returns active caps for projects, origins, keys, and quota — ideal for dashboards and post-deploy checks."},"privacy":{"title":"Data export & account deletion","desc":"Settings support export and account deletion workflows — important for GDPR-style and KVKK-aligned processes when you self-host data."}}}},"deepTitle":"How CorsAPI fits into your architecture","deepLead":"CorsAPI is not a generic HTTP tunnel. It is a policy-enforced proxy that sits between your clients and approved third-party APIs, with identity and quotas per project.","deepP1":"Browser clients send an Origin header; the proxy must allow that origin for the request to succeed. Server-side clients skip CORS but still must send a valid project key and obey host and path rules — so the same project can serve both public frontends and private workers without duplicating upstream configuration.","deepP2":"Quotas are enforced per minute per project key. That protects shared infrastructure and gives you a predictable lever when a partner API changes rate limits or when a release misbehaves. Response headers often include quota hints so well-behaved clients can back off before receiving HTTP 429.","deepP3":"For compliance, you control where the service runs and who can access the dashboard. OpenAPI and health endpoints help you automate verification; export and deletion workflows support data-subject processes when you operate on your own infrastructure.","faqHeading":"Frequently asked questions","faq":{"q1":"Is CorsAPI an open HTTP proxy?","a1":"No. Only upstream hosts and path prefixes you allow in a project can be reached. Requests must include a valid project API key and pass CORS and policy checks. That design prevents anonymous relay abuse.","q2":"Can I use the same project from browser and server?","a2":"Yes. Browser calls must send an allowed Origin; server calls typically omit Origin but still send the key. Many teams use separate keys for client-side and server-side traffic so rotation and quotas stay clear.","q3":"How do quotas work?","a3":"Each project has a per-minute request budget. Successful responses may include quota hints so clients can slow down. When the budget is exhausted, the service returns HTTP 429 until the window resets.","q4":"What observability do I get?","a4":"Per-project daily summaries include request counts, error breakdowns, and latency aggregates including p95 samples. Use them for SLOs and to spot regressions after deploys or vendor changes.","q5":"What about security hardening?","a5":"You can configure method allowlists, body size limits, header filtering, and optional hardening response headers per project. Combine with IP allowlists when your threat model requires it.","q6":"Where can I read more?","a6":"Start with the usage guide in the documentation, then explore the blog for CORS and gateway topics. The API reference describes proxy parameters and auxiliary routes for your deployment."},"ctaBandTitle":"Ready to try CorsAPI on your stack?","ctaBandSubtitle":"Create a free account, configure your first project, and run a test request from the dashboard in minutes."},"shell":{"login":"Войти","register":"Регистрация","logout":"Выйти","verifyBanner":"Подтвердите email — нужно для входа и API.","verifySettings":"Настройки аккаунта","verifyResend":"Отправить письмо снова","userMenuAria":"Account menu","userMenuSettings":"Settings"},"errors":{"FREE_TIER_PROJECT_LIMIT":"Достигнут лимит бесплатного уровня: {maxProjects} проектов. Удалите проект, чтобы создать новый, или дождитесь платных тарифов.","FREE_TIER_CORS_ORIGIN_LIMIT":"На бесплатном уровне не более {maxCorsOrigins} origin браузера на проект.","FREE_TIER_API_KEY_LIMIT":"На бесплатном уровне не более {maxApiKeysPerProject} активных API-ключей на проект. Отзовите ключ, чтобы создать новый."},"dashboard":{"loading":"Загрузка…","title":"Ваши проекты","subtitle":"Создайте проект или управляйте существующими.","createTitle":"Новый проект","name":"Название","description":"Описание (необязательно)","create":"Создать","empty":"Пока нет проектов.","open":"Открыть","delete":"Удалить","deleteTitle":"Удалить проект","deleteConfirm":"Проект и связанные ключи будут удалены безвозвратно.","toastCreated":"Проект создан.","toastDeleted":"удалён.","toastError":"Произошла ошибка.","allProjects":"Все проекты","searchProjectsLabel":"Поиск проектов","searchProjectsPlaceholder":"Фильтр по названию или описанию...","manage":"Управлять","emptyHint":"Проектов пока нет. Создайте выше.","noMatchingProjects":"Нет подходящих проектов.","deleteDialogSuffix":"и все ключи API этого проекта будут удалены безвозвратно. Продолжить?","confirmDelete":"Удалить","cancel":"Отмена","namePlaceholder":"напр. Production API или мобильный шлюз","descPlaceholder":"Краткое описание: для чего? (необязательно)","freeTierTitle":"Бесплатный уровень","freeTierProjects":"Макс. проектов на аккаунт: {max}","freeTierRate":"Макс. настраиваемая квота (запросов/мин на проект): {max}","freeTierOrigins":"Макс. CORS origin на проект: {max}","freeTierKeys":"Макс. API-ключей на проект: {max}","demoBadge":"Пример","demoProjectName":"Пример проекта","demoProjectDesc":"Готово для публичного API GitHub (`api.github.com`). Используйте тест прокси с ключом — цель по умолчанию `/zen`.","demoModalTitle":"Ваш пример API-ключа","demoModalBody":"Скопируйте секрет один раз для теста прокси. Примерный проект разрешает `api.github.com` и включает CORS для локальной разработки.","demoModalCopy":"Копировать ключ","demoModalCopied":"Скопировано","demoModalClose":"Понятно","demoModalOpenProject":"Открыть пример проекта","demoSecretShow":"Показать","demoSecretHide":"Скрыть","demoToastRevealCopied":"Ключ скопирован в буфер обмена."},"projectDetail":{"loading":"Загрузка…","notFound":"Проект не найден.","save":"Сохранить","saveRules":"Сохранить правила","saveSecurity":"Сохранить политику безопасности","toastMetaSaved":"Данные проекта обновлены.","toastCorsSaved":"CORS и квота сохранены.","toastRulesSaved":"Правила прокси обновлены.","toastSecuritySaved":"Политика безопасности сохранена.","toastKeyRevoked":"API-ключ отозван.","toastProjectDeleted":"Проект удалён.","errSave":"Не удалось сохранить.","errKeyCreate":"Не удалось создать ключ.","errRevoke":"Не удалось отозвать.","errDelete":"Не удалось удалить.","errMethods":"Укажите хотя бы один HTTP-метод.","errCopy":"Не удалось скопировать; выделите текст вручную.","modalTitle":"API-ключ создан","modalBody":"Секрет показывается только один раз. Храните его в безопасном месте; повторно показать нельзя.","secretLabel":"Секретный ключ","copy":"Копировать в буфер","copied":"Скопировано","secretShow":"Показать","secretHide":"Скрыть","toastRevealCopied":"Ключ скопирован в буфер обмена.","modalClose":"Готово","backProjects":"← Проекты","demoBanner":"Это ваш пример проекта: GitHub `zen` уже разрешён. Попробуйте тест прокси в панели.","jumpTo":"Jump to","chipRpm":"{n}/min","chipOrigins":"{n} origins","chipHosts":"{n} hosts","chipKeys":"{n} keys","deleteProject":"Удалить проект","confirmRevokeTitle":"Отозвать API-ключ","confirmDeleteTitle":"Удалить проект","confirmRevokeBody":"Ключ будет отозван навсегда; запросы прокси с ним больше не принимаются.","confirmDeleteBody":"Проект {name} и все связанные API-ключи будут удалены. Это действие нельзя отменить.","confirmRevoke":"Отозвать","confirmDelete":"Да, удалить","cancel":"Отмена","secProject":"Проект","fieldName":"Название","fieldDesc":"Описание","namePlaceholder":"Имя в панели","descPlaceholder":"Необязательная заметка или назначение","secCors":"CORS и квота","labelOrigins":"Разрешённые origin (по одному в строке)","originsPlaceholder":"http://localhost:3001\nhttps://yourapp.com","labelRateLimit":"Лимит запросов в минуту","ratePlaceholder":"напр. 60","secSecurity":"Политика безопасности API","securityIntro":"Ограничьте запросы через прокси: IP, методы, размер тела, фильтры заголовков и HTTPS. Пустой список IP = все источники.","labelMaxBody":"Макс. размер тела запроса (байт)","phMaxBody":"напр. 1048576 (1 МБ)","labelTimeout":"Таймаут upstream (мс)","phTimeout":"напр. 45000 (45 с)","labelRedirects":"Макс. редиректов (0–10)","phRedirects":"0–10; 0 = без редиректов","labelMethods":"Разрешённые HTTP-методы (строка или через запятую)","phMethods":"GET\nPOST\nPUT\nили: GET, POST, DELETE","labelIpAllow":"Белый список IP клиента (пусто = все)","phIpAllow":"203.0.113.10\n198.51.100.0/24\n(пусто = все IP)","ipHint":"За обратным прокси первый хоп X-Forwarded-For считается клиентом.","labelBlockReq":"Заголовки, не отправляемые upstream","phBlockReq":"cookie\nx-forwarded-host\n(одно имя заголовка на строку)","labelStripRes":"Заголовки ответа, не отдаваемые клиенту","phStripRes":"set-cookie\nserver\n(удаляются из ответа)","chkHttps":"Только HTTPS upstream (исключение http для localhost)","chkSecHeaders":"Заголовки безопасности ответа (nosniff, X-Frame-Options…)","chkForwardAuth":"Передавать Authorization upstream (кроме ключа CorsAPI)","secProxy":"Прокси — хост и путь","proxyIntro":"Если префиксы пути пусты, разрешены все пути. Примеры пути:","labelHosts":"Хосты","phHosts":"api.github.com\napi.stripe.com\n(один хост на строку)","labelPaths":"Префиксы путей (необязательно)","phPaths":"/zen\n/v1/users\n(пусто = все пути для этого хоста)","secKeys":"API-ключи","keysIntro":"Передайте секрет в X-CorsAPI-Key или Authorization: Bearer. Полный секрет показывается только один раз при создании — сохраните его.","keyNameLabel":"Название ключа","phKeyName":"напр. Production — мобильное (ваша метка)","newKey":"Создать ключ","noKeys":"Пока нет API-ключей. Создайте ключ для прокси или теста запроса ниже.","noKeysHint":"В списке только короткий префикс; полный секрет снова не показывается.","keySecretUnavailable":"Полный ключ здесь недоступен — сервер его не хранит. Помнятся только ключи, созданные в этой сессии браузера, пока не закроете вкладку.","keyListRevealAria":"Показать или скрыть полный ключ API","revoke":"Отозвать","keyCreatedLabel":"Создан","secUsage":"Суточное использование","thDate":"Дата","thRequests":"Запросы","th4xx":"4xx","th5xx":"5xx","thAvg":"Сред. мс","thP95":"p95 мс","noUsage":"Пока нет данных.","secExample":"Пример","exampleCurl":"curl -H \"X-CorsAPI-Key: YOUR_SECRET\" \\\n \"{url}\""},"proxyTest":{"title":"Тест запроса","intro":"Отправка запросов из браузера напрямую в прокси CorsAPI (как в Postman). Действуют правила прокси, список CORS origin и политика безопасности проекта.","originWarning":"Origin этой страницы ({origin}) должен быть в списке CORS проекта; иначе возможен 403.","method":"Метод","targetUrl":"Целевой URL (upstream)","apiKeyLabel":"API-ключ (секрет)","apiKeyPlaceholder":"Полный ключ, скопированный при создании","rememberKey":"Запомнить ключ в этой сессии браузера (только эта вкладка/устройство; доверенная среда)","extraHeaders":"Дополнительные заголовки (необязательно)","extraHeadersHint":"По одной строке Header-Name: value.","extraHeadersAuto":"добавляется автоматически.","bodyLabel":"Тело запроса","bodyPlaceholder":"{{\n \"example\": true\n}}","send":"Отправить запрос","sending":"Отправка…","response":"Ответ","emptyHint":"Результат появится здесь.","responseHeaders":"Заголовки ответа","body":"Тело","noBody":"(нет тела)","none":"(нет)","toastNeedKey":"Введите секретный ключ. Он показывается один раз при создании; создайте новый, если потеряли.","toastNeedUrl":"Нужен целевой URL (upstream).","toastSendFailed":"Запрос не выполнен (сеть или CORS).","panelNetworkError":"Сетевая ошибка","panelFetchFailedHint":"Локально: убедитесь, что Nest API запущен (порт 3000). В .env.local используйте NEXT_PUBLIC_API_URL=/api — запросы идут через Next (/api → backend) и меньше проблем с CORS. BACKEND_INTERNAL_URL, если API другой адрес.","showKey":"Показать ключ","hideKey":"Скрыть ключ","toastKeyRevealCopied":"API-ключ скопирован в буфер обмена."},"onboardingTour":{"next":"Далее","prev":"Назад","done":"Готово","step1Title":"Проект","step1Body":"Название и описание проекта. Демо-проекты предварительно настроены для проверки.","step2Title":"CORS и квота","step2Body":"Добавляйте origin браузера построчно. Если origin панели нет в списке, браузер заблокирует запрос.","step3Title":"Правила прокси","step3Body":"Разрешённые upstream-хосты и необязательные префиксы путей. Через прокси можно вызывать только совпадающие URL.","step4Title":"API-ключи","step4Body":"Создайте ключ и надёжно сохраните секрет — он показывается один раз. Используйте X-CorsAPI-Key или Authorization: Bearer.","step5Title":"Тест запроса","step5Body":"Отправьте тестовый запрос к прокси из браузера. Здесь действуют те же правила и ключи.","step6Title":"Ежедневное использование","step6Body":"Объём запросов и метрики ответов. После успешного теста таблица обновится."},"organizations":{"title":"Организации","subtitle":"Управляйте командой; новые проекты привязываются к личному пространству, если не указано иное.","name":"Название","create":"Создать","role":"Роль","empty":"Дополнительных организаций пока нет.","toastCreated":"Организация создана.","roles":{"owner":"Владелец","admin":"Админ","member":"Участник"}},"staff":{"title":"Сводка персонала","users":"Пользователи","organizations":"Организации","projects":"Проекты"},"localeSwitcher":{"label":"Язык","openMenu":"Выбрать язык","names":{"en":"English","tr":"Türkçe","es":"Español","ar":"العربية","ru":"Русский","az":"Azərbaycan"}},"home":{"hero":{"eyebrow":"CORS · ЛИМИТ · АНАЛИТИКА","heroVideoBadge":"CORS · ЛИМИТ · АНАЛИТИКА","heroHeadline1":"CorsAPI","heroHeadline2":"— Безопасный доступ к API","heroHeadline3":"из браузера.","titleRich":"CorsAPI — безопасный доступ к API из браузера","subtitle":"Списки разрешённых хостов и путей, CORS, минутные квоты, политика безопасности и дневная задержка p95 — одна панель. Самостоятельный хостинг.","pill1":"CORS решён","pill2":"Квоты и p95","pill3":"Самостоятельный хостинг","title":"Безопасный API-шлюз из браузера"},"mock":{"title":"Прокси-запрос","line1":"GET /proxy?url=https://api.example.com/v1/resource","line2":"X-CorsAPI-Key: ВАШ_КЛЮЧ_ПРОЕКТА","line3":"Origin: https://yourapp.com","footnote":"В успешных ответах в заголовках есть подсказки по квотам и лимитам."},"stats":{"heading":"Для продуктовых команд","s1Label":"Задержка p95","s1Desc":"Ежедневные выборки, чтобы вовремя заметить регрессии upstream.","s2Label":"Минутные квоты","s2Desc":"429 при превышении — защита upstream API и бюджета.","s3Label":"Ваша инфраструктура","s3Desc":"Данные аккаунта и проекта остаются в вашей базе данных."},"steps":{"heading":"Как это работает","intro":"Три шага от браузера к API: задайте проект, передайте ключ — CORS, квоты и безопасность применяются к каждому запросу автоматически.","bullet1":"Ограничения origin и upstream host/path в панели","bullet2":"Аутентификация через X-CorsAPI-Key или Bearer","bullet3":"Политика: preflight CORS и квоты из одного места","step1Title":"Создайте проект","step1Desc":"Задайте origin браузера и разрешённые upstream-хосты и префиксы путей.","step2Title":"Передайте API-ключ","step2Desc":"Используйте X-CorsAPI-Key или Authorization: Bearer из браузера или сервера.","step3Title":"Прокси с политикой","step3Desc":"CORS, квоты и правила безопасности применяются к каждому запросу автоматически."},"bento":{"sub":"Перестаньте встраивать CORS в каждый микросервис — настройте один раз в панели."},"cta":{"start":"Начать бесплатно","docs":"Документация"},"features":{"heading":"Всё для безопасного релиза","intro":"Единая плоскость управления трафиком браузера: списки, наблюдаемость и ограничения.","cors":{"title":"CORS + прокси","desc":"Список origin и OPTIONS preflight — без временных заголовков в upstream."},"host":{"title":"Хост и путь","desc":"Доступны только заданные хосты и префиксы — не открытый relay."},"p95":{"title":"p95 и квоты","desc":"Суточные запросы, 4xx/5xx и задержки в одном месте."},"security":{"title":"Политика безопасности","desc":"IP-списки, лимиты метода и тела, фильтры заголовков из панели."},"email":{"title":"Подтверждение e-mail","desc":"SMTP при регистрации и сценарии сброса пароля."},"kvkk":{"title":"Конфиденциальность","desc":"Экспорт данных и удаление аккаунта в настройках — под процессы в духе GDPR."}},"compare":{"heading":"Почему не вызывать API напрямую из браузера?","withoutTitle":"Прямые вызовы","withoutBody":"CORS часто блокирует; секреты в клиенте опасны; нет централизованной наблюдаемости.","withTitle":"Через CorsAPI","withBody":"Явные списки, ключ на границе, квоты по маршрутам и задержки — без раскрытия upstream-учётных данных."},"explore":{"eyebrow":"Обзор","title":"Документация, продукт и ключевые статьи","subtitle":"Сначала документация и возможности, затем сохраните эти подробные руководства.","linkDocs":"Документация","linkFeatures":"Возможности","linkBlog":"Блог","pillarHeading":"Рекомендуемые материалы"},"stack":{"heading":"Стек под вашим контролем","body":"Бэкенд NestJS, MongoDB, опциональный SMTP — разворачивайте у себя и храните данные под контролем."},"faq":{"heading":"Частые вопросы","q1":"Это бесплатно?","a1":"Да. Регистрация, проекты и прокси бесплатны. Действуют общие лимиты бесплатного уровня (см. документацию и GET /api/plan/limits).","q2":"Это не открытый прокси?","a2":"Трафик только по вашим правилам хоста и пути; не открытый relay.","q3":"Где использовать API-ключ?","a3":"В заголовке X-CorsAPI-Key или Authorization: Bearer. Пример curl в документации.","q4":"Где мои данные?","a4":"Данные аккаунта и проекта в вашей БД. Экспорт и удаление в настройках.","q5":"Есть поддержка команд?","a5":"Да. Организации для совместной работы; проекты привязаны к пространству с ролями владельца, администратора и участника.","q6":"Есть OpenAPI / Swagger UI?","a6":"Бэкенд отдаёт OpenAPI. Swagger UI по умолчанию выключен в продакшене; включите SWAGGER_ENABLED, когда будете готовы."},"freeTier":{"title":"Что входит в бесплатный уровень","intro":"Сегодня включено для каждого аккаунта:","li1":"CORS-прокси с вашими списками хоста и пути","li2":"Минутные квоты (настраиваются до потолка платформы)","li3":"API-ключи на проект (в пределах лимита)","li4":"Суточное использование и выборки p95 в панели","li5":"Проекты, организации и параметры политики безопасности","li6":"OpenAPI с вашего бэкенда — включите Swagger через SWAGGER_ENABLED при развёртывании"},"ctaBand":{"heading":"Запустите первый прокси-маршрут за минуты","sub":"Изучите проекты, ключи и панель.","primary":"Создать аккаунт","secondary":"Читать документацию"},"footer":{"tagline":"CorsAPI — CORS-прокси, квоты и аналитика API для современных фронтендов.","privacy":"Конфиденциальность","terms":"Условия","docs":"Документация","followTitle":"Соцсети","socialGithub":"GitHub","socialX":"X","socialLinkedin":"LinkedIn","colProduct":"Продукт","colLegal":"Документы","register":"Регистрация","login":"Вход","copyright":"© {year} CorsAPI"},"jsonLd":{"orgDesc":"Инструмент для разработчиков: CORS-прокси, квоты и аналитика API.","siteDesc":"Безопасный API-шлюз из браузера; CORS и квоты.","offerDesc":"Бесплатный уровень"}},"privacy":{"back":"← Главная","title":"Уведомление о конфиденциальности","lastUpdated":"Последнее обновление: 24 марта 2026 г.","intro":"Ниже приведён эталонный текст на английском языке. Турецкая версия доступна в турецкой локали сайта.\n\n---\nThe English version below is the reference text for this locale. If you need a certified translation, consult a legal translator.\n\nThis Privacy Notice describes how personal data may be processed in connection with CorsAPI. For self‑hosted deployments, you or your organization may act as data controller and processing is primarily under your control.\n\nThis text is informational only and is not a substitute for legal advice regarding KVKK, GDPR, or other laws applicable to your situation.","s1Title":"Controller and processing context","s1Body":"If CorsAPI is offered as a hosted service, the operator may act as controller. In self‑hosted setups, you or your organization may be the controller. This notice covers data processed through the web UI and account management.","s2Title":"Categories of data","s2Body":"Identity and contact: name, email, and profile details from OAuth where applicable.\n\nAccount and security: password hashes, session/JWT‑related technical data.\n\nProject configuration: CORS origins, host/path rules, quotas, and security settings.\n\nUsage and analytics: request counts, error codes, latency summaries, logs (depending on configuration).\n\nProxy traffic: target URLs, headers, and response summaries; full payloads may not always be stored.","s3Title":"Purposes and legal bases","s3Body":"Purposes: account creation and authentication; abuse prevention; service delivery and improvement; legal compliance.\n\nLegal bases may include contract performance, legitimate interests, consent where required, or other grounds under GDPR/KVKK and local law.","s4Title":"Retention","s4Body":"Data is kept as long as necessary for the purposes above and any mandatory legal retention. You should cap retention for logs and analytics per your policies. On account deletion, data should be erased or anonymized subject to legal exceptions.","s5Title":"Sharing and subprocessors","s5Body":"Hosting, email delivery, and OAuth providers may process data on our behalf. Their privacy policies apply. International transfers require appropriate safeguards under applicable law.","s6Title":"Security","s6Body":"We aim to apply access controls, encryption in transit where appropriate, and secure development practices; no method of transmission over the Internet is completely secure.","s7Title":"Your rights","s7Body":"Depending on applicable law, you may have rights to access, rectify, erase, restrict processing, object, and data portability. Use account export/delete tools in settings or contact channels published on the site.","s8Title":"Cookies and similar technologies","s8Body":"We may use cookies or local storage for sessions and preferences. You can control these via browser settings; some features may be limited.","s9Title":"Children","s9Body":"The Service is not directed at individuals under 18. We do not knowingly collect data from children.","s10Title":"Changes and contact","s10Body":"This Notice may be updated. Material changes should be communicated by reasonable means. For questions, use the contact or support address published on the website."},"terms":{"back":"← Главная","title":"Условия обслуживания","lastUpdated":"Последнее обновление: 24 марта 2026 г.","intro":"Ниже приведён эталонный текст на английском языке. Турецкая версия доступна в турецкой локали сайта.\n\n---\nThe English version below is the reference text for this locale. If you need a certified translation, consult a legal translator.\n\nThese Terms of Service (“Terms”) govern your use of the CorsAPI software/service (“Service”). Please read them carefully before using the Service.\n\nThis document is for general information only and does not constitute legal advice. You should obtain independent counsel for production deployments, regulated industries, or high‑risk use cases.","s1Title":"Agreement and acceptance","s1Body":"By creating an account, signing in, or otherwise accessing the Service, you confirm that you have read, understood, and agree to these Terms. If you do not agree, do not use the Service.\n\nIf any provision conflicts with mandatory consumer or data‑protection laws in your jurisdiction, the mandatory rules prevail.","s2Title":"Definitions","s2Body":"“You/User”: the natural or legal person accessing the Service.\n\n“Content and traffic”: requests, responses, configuration data, and logs/summaries processed through the Service.\n\n“Third‑party APIs”: external systems reached via the proxy/gateway; their use is governed solely by those third parties’ terms and applicable laws.","s3Title":"Nature of the Service; “as is”","s3Body":"CorsAPI is a developer tool for controlled routing of browser/client traffic using CORS rules, quotas, API keys, and related settings. Features, versions, and availability may change without prior notice.\n\nThe Service is provided “as is” and “as available”, without warranties of any kind, whether express or implied, including merchantability, fitness for a particular purpose, or uninterrupted operation.","s4Title":"Account, authentication, and security","s4Body":"You are responsible for safeguarding your credentials and for all activity under your account. If you suspect unauthorized access, change your password promptly and notify us through the published support channels.\n\nIf you use OAuth providers (e.g. Google, GitHub), their terms also apply.","s5Title":"Acceptable use","s5Body":"You will use the Service only in compliance with applicable laws, third‑party API terms, and your own configured allowlists (origins, hosts, paths, quotas, etc.).\n\nKeeping configurations accurate, meeting legal obligations (including privacy and sector rules), and providing required notices to your users are your responsibility.","s6Title":"Prohibited uses","s6Body":"Without limitation, the following are prohibited: (a) illegal activity under applicable law; (b) unauthorized access to third‑party systems, security circumvention, or abuse; (c) malware, fraud, identity theft, or spam; (d) child exploitation or distribution of harmful content; (e) unlawful gambling/betting or misuse of payment systems; (f) money laundering or terrorist financing.\n\nOperating the Service as an open, uncontrolled public proxy, or using it to infringe third‑party rights or mislead users, is prohibited.","s7Title":"Third‑party use; no duty to monitor; disclaimer","s7Body":"The Service is provided as technical infrastructure. We may not know your integrators, end users, or customers, and we cannot continuously verify the ultimate purpose of traffic. We have no obligation to detect or block use on illegal sites, gambling/betting platforms, or other unlawful purposes; we do not accept liability for such use, whether or not we were aware of it.\n\nWe do not perform full content inspection or continuous legal compliance scanning; preventing misuse relies primarily on your configuration and access controls.","s8Title":"Limitation of liability","s8Body":"To the maximum extent permitted by law, CorsAPI and its operators shall not be liable for indirect, incidental, special, consequential, or punitive damages, or for loss of data, revenue, goodwill, or third‑party claims.\n\nWe are not liable for outages, errors, misconfiguration, or unavailability of third‑party APIs.","s9Title":"Disclaimer of warranties","s9Body":"The Service is provided without warranties of any kind. No warranty is made regarding performance, error‑free operation, or compliance with specific regulatory frameworks (e.g. HIPAA, PCI‑DSS).","s10Title":"Indemnity","s10Body":"You agree to indemnify and hold harmless CorsAPI and its operators, directors, and employees from any claims, damages, penalties, and reasonable attorneys’ fees arising from your breach of these Terms, violation of law, or infringement of third‑party rights.","s11Title":"Termination, governing law, disputes, and changes","s11Body":"We may suspend or terminate your account or access with or without notice for breach or legal requirements.\n\nThese Terms are governed by the laws of the jurisdiction where CorsAPI is operated (e.g. Republic of Türkiye), excluding conflict‑of‑law rules where permitted. Mandatory consumer rights in your country of residence remain unaffected.\n\nMaterial changes should be communicated by reasonable means (e.g. site notice or email). Continued use after changes may constitute acceptance.\n\nFor legal notices, use the official contact/support channels published on the website."},"docs":{"title":"Документация","sidebarTitle":"Документация","navGuide":"Руководство по использованию","tocTitle":"Содержание","examplesSectionTitle":"Примеры кода и эндпоинты","swaggerIntro":"OpenAPI:","swaggerTail":"— В продакшене ограничьте доступ к интерактивной документации (например аутентификация или частная сеть), чтобы API нельзя было анонимно обойти.","backDashboard":"Назад к панели"},"settingsPage":{"title":"Account settings","subtitle":"Update your profile, password, and data.","profileTitle":"Profile","displayName":"Display name","displayNamePlaceholder":"Your name","emailLabel":"Email","emailHint":"Email cannot be changed here.","linkedGoogle":"Signed in with Google","linkedGithub":"Signed in with GitHub","saveProfile":"Save changes","saving":"Saving…","profileSaved":"Profile updated.","passwordTitle":"Password","oauthNoPassword":"You use Google or GitHub to sign in. To use a password, contact support or add password support in a future release.","currentPassword":"Current password","newPassword":"New password","confirmPassword":"Confirm new password","changePassword":"Change password","changingPassword":"Updating…","passwordMismatch":"New passwords do not match.","passwordChanged":"Password updated. Please sign in again.","passwordWrong":"Could not change password. Check your current password.","verifyCardTitle":"Email verification","verifyCardBody":"Click the link in your inbox. If nothing arrived, resend the email.","verifyResend":"Resend verification email","verifyResendOk":"If the account exists and is unverified, a message was sent.","exportTitle":"Export data","exportBody":"Projects, proxy rules (keys masked), and recent usage as JSON.","exportBtn":"Download JSON","exporting":"…","exportOk":"Export downloaded.","dangerTitle":"Danger zone","dangerBody":"Deleting your account removes all projects and API keys permanently.","deleteBtn":"Delete account","deleteConfirmTitle":"Delete account permanently","deleteConfirmBody":"Your account and all projects will be removed. This cannot be undone.","deleteConfirmOk":"Yes, delete","deleteConfirmCancel":"Cancel","deleteOk":"Your account was deleted.","loadError":"Could not load account."}},"children":["$L1c","$L1d"]}]

Требования

Прокси