Save the date! Join us on October 16 for our Product Ops launch event. Register here.
Jun 05, 2020 08:19 AM
I am using a script to fetch stock prices from https://financialmodelingprep.com/api/v3/quote-short/?{stock}?apikey=*
I run it and the CORS error pops up saying it is unable to fetch the data.
Then sometimes Ill click it and it’ll fetch but return the price undefined…
Any workaround to having this work a bit better? Here is my code if anyone is curious
output.markdown ("# Updating stock prices");
let table = base.getTable (“Stocks”),
records = await table.selectRecordsAsync ();
await Promise.all (
records.records.map (async record => {
let stock = record.getCellValue ("Ticker");
if (! stock) {
output.text ("Can't update the price of stock with no name");
return;
}
output.text (`Updating price of ${stock}...`);
// make request
var requestResult = await fetch (
`https://financialmodelingprep.com/api/v3/quote-short/${stock}?apikey=*`
).then (r => r.json ());
// print fetched data
output.markdown (`${stock}'s price right now is: **$${requestResult.price}**`)
// update record in table
return await table.updateRecordAsync (record, {
"CSP": requestResult.price,
"CSP Date": new Date ()
});
})
);
output.markdown ("# Done!");
Jun 05, 2020 04:22 PM
Have you seen this?
Jun 05, 2020 06:06 PM
I’m still learning external APIs, but I recently found that blocks will throw CORS errors if there is an error in my script that’s unrelated to the server’s CORS support.
Jun 06, 2020 06:57 AM
This is typically the case; it’s really the browser encountering an error that it cannot discern the nature of. And we can’t really blame the Script Block; this is coming from the client whose security settings are attempting to honor the restrictions imposed by cross-domain interchanges.
Jun 11, 2020 07:31 AM
I’ve removed a majority of the code and its still freezing up :confused: Also tried with three different browsers, What the heck am I doing wrong here?
output.markdown ("# Updating stock prices");
let table = base.getTable ("Stocks"),
records = await table.selectRecordsAsync ();
await Promise.all (
records.records.map (async record => {
let stock = record.getCellValue ("Ticker");
if (! stock) {
output.text ("Can't update the price of stock with no name");
return;
}
// make request
var requestResult = await fetch (
`https://financialmodelingprep.com/api/v3/stock/real-time-price/${stock}?apikey=*`
).then (r => r.json ());
// update record in table
return await table.updateRecordAsync (record, {
"CSP": requestResult.price,
"CSP Date": new Date ()
});
})
);
output.markdown ("# Done!");
Jun 11, 2020 07:46 AM
Is a space allowed in this context? Shouldn’t it be maybe r.json()
? And what does freezing up mean? Are there specific error messages you can share from the javascript console?
Jun 11, 2020 08:00 AM
Good syntax suggestion, but made no difference on CORS. This is wildly annoying. I’ve now tried in safari, chrome, and brave. No dice. Sometimes it will fetch a few quotes, but then show the error anyways. I’m not trying to fetch this every hour. Maybe once a month. Maybe there is a better API handler I can GET instead of the current website? Any suggestions?
Jun 11, 2020 08:58 AM
Indeed, and unfortunately, sidestepping CORS may not be in your user’s best interest.
Any site your browser visits can make cross-site requests to any domain it wants, with relatively few restrictions. Abuse of this functionality is known as Cross-Site Request Forgery (CSRF). CSRF has been around for 15 years, and for most of that time, CSRF tokens were the only solution. More recently, this new browser standard was developed to allow “safe” cross-origin requests: HTML5 Cross-Origin Resource Sharing (CORS). In reality, CORS has opened up a new attack surface for cross-site requests and made preventing them way more complex.
I noticed that your code provides no HEADERS such as Access-Control-Allow-Origin
; have you experimented with them including no-cors
?
Well, I think I’m lacking some skills in this hunt for the proper design pattern to help you make this work partly because I rarely build integrations that access the Airtable API directly (from client). Rather, almost every use case where Airtable data is required, I buffer that interaction with a NodeJS layer and in many cases I build these in everyday Google Apps Script (it is fundamentally serverless-side javascript not unlike NodeJS).
Through experience I’ve found that this approach is more resilient, it’s impervious to possible outages in Airtable (there aren’t many, but it helps to have apps that fail with grace and integrity), and it eliminates the CORS calamity altogether. It’s my chicken-sh*t way of dodging challenging roadblocks while sustaining profitability. :slightly_smiling_face:
Depending on the app/data size and performance requirements, I tend to cache-forward data into Firebase or ElasticSearch, but in some cases a simple Google Sheet does the job quite well.
Jun 11, 2020 09:13 AM
If I could give you a huge reddit gold trophy I would. Thanks for your help! Really appreciate it :slightly_smiling_face: Ill work on a few different implementations and see if anything sticks
Jun 23, 2020 07:51 PM
@Chris_Finck out of curiosity, did you get this working? I just tried it and it worked for me, so I wonder if financialmodelingprep.com changed their API to allow cross-origin (CORS) requests.