Hmmm, the only think I can think of (perhaps you’ve already tried) is to set the referrer in the HTTP POST method (I assume you’re calling the API with POST) -
UPDATE - I just saw you are calling with GET, so this might work -

There’s all sorts of useful info here about cache-control and referrer-handling.
Playing around with the referrer (and ‘referer’, both spellings) and cache options from the link you provided both turned up unsuccessful.
I’ve paused on this approach for now and trying a new approach based on my existing server/code (but I’ll save that for a separate post).
Thanks for your suggestions though!
Just to post some code as a follow-up. I think this includes most/all of the relevant parameters listed in the fetch() documentation. I’ve also tried several different options for the parameters in different combinations, but no dice.
output.text('# Hello, world!');
let vimeoUrl = 'https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/';
let publicId = '392348731';
let privateId = 'xxxxxxxxx';
let runtime = await retrieveRuntime(privateId);
output.inspect(runtime);
output.text(`Video __${runtime.title}__ has a duration of ${runtime.duration} seconds.`);
async function retrieveRuntime(videoId) {
let headers = {
'Referer': 'http://airtable.com',
};
let response = await fetch(vimeoUrl + videoId, {
method: 'get',
headers: headers,
mode: 'cors',
cache: 'no-store',
referrer: 'http://airtable.com',
referrerPolicy: 'origin-when-cross-origin',
//referrerPolicy: 'origin',
})
return response.json();
}
For reference, the following curl call is successful and returns a 200 “domain_status_code”, so the video does acknowledge Airtable as a valid referrer domain.
curl "https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/xxxxxxxxx" --referer "http://airtable.com/"
Calling Vimeo directly via the scripting block would be the ideal method, but given the current issues (and my progress with the proxy-server method) I’m focusing on the proxy-server approach for the moment. Just wanted to update this thread with the latest that I’ve tried.
Just to post some code as a follow-up. I think this includes most/all of the relevant parameters listed in the fetch() documentation. I’ve also tried several different options for the parameters in different combinations, but no dice.
output.text('# Hello, world!');
let vimeoUrl = 'https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/';
let publicId = '392348731';
let privateId = 'xxxxxxxxx';
let runtime = await retrieveRuntime(privateId);
output.inspect(runtime);
output.text(`Video __${runtime.title}__ has a duration of ${runtime.duration} seconds.`);
async function retrieveRuntime(videoId) {
let headers = {
'Referer': 'http://airtable.com',
};
let response = await fetch(vimeoUrl + videoId, {
method: 'get',
headers: headers,
mode: 'cors',
cache: 'no-store',
referrer: 'http://airtable.com',
referrerPolicy: 'origin-when-cross-origin',
//referrerPolicy: 'origin',
})
return response.json();
}
For reference, the following curl call is successful and returns a 200 “domain_status_code”, so the video does acknowledge Airtable as a valid referrer domain.
curl "https://vimeo.com/api/oembed.json?url=https%3A//vimeo.com/xxxxxxxxx" --referer "http://airtable.com/"
Calling Vimeo directly via the scripting block would be the ideal method, but given the current issues (and my progress with the proxy-server method) I’m focusing on the proxy-server approach for the moment. Just wanted to update this thread with the latest that I’ve tried.
Unfortunately, the subdomain for each block is unique. It follows the pattern https://*.airtableblocks.com
, so you could try that if vimeo supports it, otherwise the proxy-server approach seems better.
Unfortunately, the subdomain for each block is unique. It follows the pattern https://*.airtableblocks.com
, so you could try that if vimeo supports it, otherwise the proxy-server approach seems better.
Two Ideas
- Why not make the sub-domain name a block runs within be a function of the block ID?
- Why not expose the subdomain of each block as an attribute in script?
Either of these approaches would make the referrer predictable and unique and without risking any security.