Notes on bypassing CORS restriction (error) in JavaScript code that fetches blogger blog feed
Last updated on 2 April 2024
I have put up an HTML and JavaScript modified (and simplified) version of Google Apps Script based bloggerToEbook . Key feature of this barebones blogger blog feed to set of posts (book) HTML & JS program is bypassing CORS restriction/error using cors-anywhere.herokuapp.com. For more on latter, see section '4. Using CORS-anywhere' in https://codedamn.com/news/javascript/javascript-cors-error-handling . You can use the program by simply downloading the index.html and script.js files and then opening index.html in a browser like Chrome. A server like Live Server (VSCode extension) is not needed.
To save the dynamically rendered HTML in Chrome browser, I am using Save Rendered HTML Chrome extension but that seems to need a server like Live Server. Print as PDF can also be used to save rendered page as PDF. Chrome browser's Save As ... command used with 'Save as type:' specified as "Webpage, Single File (*.mhtml)" results in a single .mhtml file being created which has all text and images in the (dynamically) rendered page.
I also tried out the "2. Using a proxy server" suggestion in above mentioned codedamn.com article, which essentially is creating a simple Node Express proxy server using the http-proxy-middleware node package, and using that proxy server (on localhost i.e. one's computer) instead of cors-anywhere.herokuapp.com.
I stumbled into a problem of fetch from the index.html page and associated script code, run through LiveServer on localhost on one port (4000) being blocked by CORS from accessing the proxy server on same localhost on another port (3001)! The following article covers this scenario: Why does my JavaScript code receive a "No Access-Control-Allow-Origin header is present on the requested resource" error, while Postman does not?, https://sentry.io/answers/why-does-my-javascript-code-receive-a-no-access-control-allow-origin-header-error-while-postman-does-not/ .
Solution was to use cors node package. I also figured out how to get some more logging info. from http-proxy-middleware package.
The simple app server code hardcodes the target URL (blog) (an improved version could pick up the target URL from an environment variable), and the script.js front end code is slightly different from above mentioned solution. The code files (app.js, index.html and script.js) for this solution
...
I am working on a slightly improved version (using cors-anywhere.herokuapp.com) which takes in some parameters like blog URL via the HTML page, and provides margin and max width for displayed set of posts (book). But I want to spend very limited time on it now and so the improvements will be limited. I will be updating this post after that is ready. [31 Mar. 2024: Just put up an in-progress version on Github.]
31 Mar. 2024: Came across an alt=json-in-script solution which needs a dynamic script tag, which does not run into CORS issue at all. So no need for any proxy server. Just put up in-progress version of it on Github. It lacks even basic error handling as of now.
...
https://developers.google.com/gdata/docs/json#json-in-script-output explains json-in-script and how it "allows you get around some of the cross-domain security issues you might encounter in typical client side JavaScript" using callback functions. An extract from sample source code provided in it showing initial part of the callback function listEvents and then the script tag, is given below:
var feed = root.feed;
...
<script src="http://www.google.com/calendar/feeds/developer-calendar@google.com/public/full?alt=json-in-script&callback=listEvents"></script>
...
...
Comments
Post a Comment