timc1 / use-google-autocomplete

A simple React Hook API that returns Google Autocomplete results with session_token handling.
MIT License
27 stars 11 forks source link

Make CORS server configurable #5

Open houmark opened 5 years ago

houmark commented 5 years ago

Hi @timc1,

Great work here. I like it. But I've seen some serious slowdowns on the "bundled" cors-anywhere Heroku server. It sometimes takes 20-30 seconds for a reply.

Would you accept a PR that makes the CORS server endpoint configurable in the existing options parameter?

Also I can see in the source code, that you're setting cors to empty when env is production which confused me a bit? How do you use it yourself when in production?

faahim commented 5 years ago

Having the exact same issue! Not sure how can I make this work on production! Did you find any workaround @houmark? :slightly_smiling_face:

houmark commented 5 years ago

@faahim Nope. I dropped this integration for now with the plan to fork it in the future (and make a PR here so my fork could be dropped if accepted) and make it configurable and then maybe add an example for creating your own simple node server that handles the cors.

faahim commented 5 years ago

Thanks for response @houmark.

I already went a bit far with this without realizing the issue (I should deploy to staging more often -_- ) and didn't want to redo all the things. So I did basically what you're thinking. Forked the repo and added my own node proxy server in it. Maybe I should create a PR here but the repo seems to be inactive :confused:

isBatak commented 4 years ago

This endpoint https://maps.googleapis.com/maps/api/place/autocomplete/ was never meant to be used on client-side, so CORS problems could not be solved. As noted here https://developers.google.com/places/web-service/search Also, if google somehow detects this abuse your whole organization could be banned from google. You should use this only on server-side and add server IP to the restriction list in the google dashboard. Then you can expose your custom API endpoint as a proxy to the service, but be careful because at that point it is public and anyone could take that endpoint and use it with your credentials (API key), which will produce a bigger bill. You should probably handle CORS on your server and allow only your website domain.