search

jacktuck / unfurl

Metadata scraper with support for oEmbed, Twitter Cards and Open Graph Protocol for Node.js :zap:
MIT License
475 stars 51 forks source link

🐛 Library doesn't work clientside #57

Closed a-tokyo closed 4 years ago

a-tokyo commented 4 years ago

Thanks for the amazing work.

I noticed that the library doesn't work on any browser. It results in the error:

Refused to set unsafe header "user-agent"

Access to XMLHttpRequest at 'https://github.com/a-tokyo' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Your schema is amazing and i'd love to use this, however I will have to use https://github.com/itaditya/simple-unfurl for now as it works clientside as well

jacktuck commented 4 years ago

Oh interesting. I get "ReferenceError: Cannot access 'cross_fetch_1' before initialization". I'll see what I can do.

a-tokyo commented 4 years ago

My workaround (I used this answer here to create a helper app that handles cross origin: https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe):

    let raw;
    try {
      raw = await unfurled(url);
    } catch (err) {
      /** CORS failed to fetch? retry with cors proxy
       * this happens when for example localhost tries to unfurl dev-remote url due to different hosts
       * https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe
       */
      try {
        raw = await unfurled(`${CORS_PROXY_URL}/${url}`);
      } catch (err2) {
        // handled - proceed and attempt to parse other data - eg: plural
      }
      // handled - proceed and attempt to parse other data - eg: plural
    }
jacktuck commented 4 years ago

Refused to set unsafe header "user-agent"

That was a fairly straightforward fix: https://github.com/jacktuck/unfurl/commit/911590d8e8ba051e67091d2d8d934fc0b387c792#diff-f41e9d04a45c83f3b6f6e630f10117feR42

The reason i was getting

"ReferenceError: Cannot access 'cross_fetch_1' before initialization"

was that I was testing the library directly in codepen with unpkg. I'm guessing you're using a bundler, so you didn't run into this.

But due to the restrictive nature of CORS in the browser, i don't think there is any merit in keeping those fixes around.

Whilst your CORs proxy workaround works, it may not be the right approach. This library is approximately 1MB uncompressed (and 500kb compressed with webpack). So it'd add significant bloat and then when calling unfurl it'll block the event loop.

I recommend changing your CORS proxy service to do the unfurling. There is a great minimalist example here https://github.com/beeman/micro-unfurl

I will make it clearer in the readme that this is a server-side library and not supported for use client-side.

jacktuck commented 4 years ago

Do you not get the same CORS error with itaditya/simple-unfurl ?

a-tokyo commented 4 years ago

Yes I get it :/ so I added the proxy CORS thing to avoid these issues.

However I think I will just add a backend endpoint today that handles this. I am just worried the library would have the same errors in the backend as well @jacktuck

jacktuck commented 4 years ago

You shouldn't have the same issue as you'd have control of the endpoint - meaning you can add CORS response headers - either wildcard or specific to your domain(s).