search

pilwon / node-yahoo-finance

Yahoo Finance historical quotes and snapshot data downloader written in Node.js
491 stars 123 forks source link

Access Control Allow Origin #34

Open penspinner opened 7 years ago

penspinner commented 7 years ago

I am receiving an Access Control Allow Origin error when I use the historical function. I haven't tried snapshot function though.

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 500. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Has anyone gotten this? How to fix?

mikinty commented 4 years ago

Wanted to bump this issue -- trying to get this package working in browser.

I'm running chrome now and getting Access to fetch at 'https://finance.yahoo.com/quote/AAPL/history' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I have tried adding headers to the request in the package in util.js,

return _.assign({}, optionalOptions, {
  resolveWithFullResponse: true,
  jar: cookiejar,
  // new headers here
  headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Headers': '*',
      'Access-Control-Allow-Methods': '*'
  },
});

and I get a slightly different error message: Access to fetch at 'https://finance.yahoo.com/quote/AAPL/history' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Is this an issue with the package, or do I have to configure something in my code? I know that CORS has to do with finance.yahoo.com being different from my current url domain, which is localhost, but I feel like this package should be able to work out of the box. If there are any fixes, let me know.

The package works fine in Node.js, which won't complain about CORS, unlike browsers.

mikinty commented 4 years ago

I figured out how to fix the CORS solution.

In constants.js of the package, just add a proxy that can forward you the results of the GET call. I'm using a well-known proxy that people use to forward CORS, but it's not an elegant solution because who knows if the server goes down.

const PROXY_URL = 'https://cors-anywhere.herokuapp.com/';
exports.HISTORICAL_CRUMB_URL = PROXY_URL + 'finance.yahoo.com/quote/$SYMBOL/history';
exports.HISTORICAL_DOWNLOAD_URL = PROXY_URL + 'query1.finance.yahoo.com/v7/finance/download/$SYMBOL';
exports.SNAPSHOT_URL = PROXY_URL + 'query2.finance.yahoo.com/v10/finance/quoteSummary/$SYMBOL';

I'm sure there's a way to somehow append this to all URLs without editing the package...I just don't know how to do it. If anyone has insight on this please help us out.

mikinty commented 4 years ago

Also, as mentioned in the README, I tried passing in the httpRequestOptions with the proxy but it didn't work...so maybe that is a bug.

gespinha commented 3 years ago

Any news on wether the httpRequestOptions are a known bug or not?