search

sanity-io / sanity-plugin-mux-input

An input component that integrates Sanity Studio with MUX.com video encoding/hosting service.
https://mux.com
MIT License
51 stars 55 forks source link

Importing existing videos fails from CORS restrictions #373

Open ivyrze opened 4 months ago

ivyrze commented 4 months ago

Describe the bug

Trying to import videos into Sanity (as opposed to uploading directly through the plugin) fail with the message:

[!CAUTION] There was an error getting all data from Mux. But we've found 0 video not in Sanity, which you can start importing now.

Checking the console, I can see that it's due to the request being called client-side:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.mux.com/video/v1/assets?limit=100&page=1. (Reason: CORS request did not succeed). Status code: (null).

After disabling CORS checks in my browser, everything works as expected.

To Reproduce

Steps to reproduce the behavior:

  1. Publish project to external domain
  2. Go to the Videos tab in Sanity Studio
  3. Click on "Import from Mux"

Expected behavior

Videos should be available to import without error.

Which versions of Sanity are you using?

Run sanity versions in the terminal and copy-paste the result here.

@sanity/cli (global)             3.49.0 (up to date)
@sanity/astro                     3.1.4 (up to date)
@sanity/icons                     3.2.0 (up to date)
@sanity/image-url                 1.0.2 (up to date)
@sanity/orderable-document-list   1.2.1 (up to date)
@sanity/table                     1.1.2 (up to date)
@sanity/types                    3.49.0 (up to date)
@sanity/vision                   3.49.0 (up to date)
sanity                           3.49.0 (up to date)

What operating system are you using?

macOS 14.5

Which versions of Node.js / npm are you running?

Run npm -v && node -v in the terminal and copy-paste the result here.

10.1.0
v22.3.0
good-idea commented 3 months ago

It looks like Mux API requests (like the one used here to fetch available assets) do not allow for client-side requests. I've just come across this bug, but have not used this feature in the past - I'm wondering if it ever worked in the first place?

I'm not sure how this can be fixed without creating our own server-side endpoint for making secure requests --- and a way to tell this plugin what that endpoint is.

ivyrze commented 3 months ago

My guess is it got overlooked because it seems to work fine when running on the dev server.

The Sanity team has done exactly that in the past — creating Content Lake endpoints to proxy the Mux API requests (e.g. https://<projectId>.api.sanity.io/.../addons/mux/assets). Ideally we could do that again, but since the Content Lake is closed-source, we will need some help from the maintainers. This has been a bottleneck for #372/#52 as well.