Using BunqJSClient in a browser fails on CORS filter

bunqCommunity / bunqJSClient

A javascript SDK for the bunq API

MIT License

58 stars 22 forks source link

Using BunqJSClient in a browser fails on CORS filter #21

Closed nilskohrs closed 6 years ago

nilskohrs commented 6 years ago

I'm trying to use BunqJSClient for a progressive web app build with Angular but I'm running into the issue that every request gets CORS checked and blocked.

Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access. The response had HTTP status code 405.

screenshot from 2018-07-05 12-07-37

I'm using:

bunq-js-client 0.22.2
Chromium Browser 66.0.3359.181
Ubuntu 18.04

Is there any way to make this work?

Crecket commented 6 years ago

Since bunq doesn't support CORS requests you can't run the js client in most browsers right now. You'll need an environment which allows you to ignore this like Electron or a NodeJS environment.

null-33 commented 5 years ago

@Crecket

It says on the front page of the project:

A unofficial javascript SDK for the bunq API. It is aimed at allowing single page applications to do all interactions with bunq without proxying through other services.

This project was originally built for the browser but has since then been tested and used with NodeJS servers. If you do want to use NodeJS you can still easily create a custom storage handler (with the default being Localstorage) like described in the installation section.

Can you explain how it goes from SPA and "without proxying through other services" and "built for the browser" to "you have to use this in Electron or NodeJS"?

It is implied you can use this library directly from the browser/frontend without using a backend.

Crecket commented 5 years ago

As far as I know bunq isn't planning on allowing CORS requests to the API sadly. We run it in Electron which allows CORS security checks to be ignored

null-33 commented 5 years ago

I understand (now) that this is because of limitations on bunq's side, however the information on the project page is very confusing. I personally don't consider Electron a browser, it's just a specialised wrapper for the Chromium render engine, and Node.js certainly isn't a browser.

It would be better to state this more clearly on the project page.