May 31, 2020 01:50 PM
Hello,
I was working on a fetch to a site to retrieve JSON data with Basic Authentication. I got around the CORS block by setting " mode: ‘no-cors’" in my call to fetch. But I ran into a more serious problem. My calls to fetch() are not returning any data even if successful. Here’s my test program:
var url = ‘https://www.google.com/thisshouldfail’;
var url2 = ‘https://www.google.com/’;
var response = await fetch(url, {method:'GET', mode: 'no-cors'});
var response2 = await fetch(url2, {method:'GET', mode: 'no-cors'});
output.inspect(response);
output.text(response.status);
output.inspect(response2);
output.text(response2.status);
The output to this running is:
{}
0
{}
0
Looking at the browser’s network log I see the calls return the correct HTTP codes:
GENERAL:
Request URL: https://www.google.com/thisshouldfail
Request Method: GET
Status Code: 200
Remote Address: 172.217.9.228:443
Referrer Policy: no-referrer-when-downgrade
GENERAL:
Request URL: https://www.google.com/
Request Method: GET
Status Code: 200
Remote Address: 172.217.9.228:443
Referrer Policy: no-referrer-when-downgrade
The fetch() function call is not returning either 404 or 200 codes, nor the results of the successful call to google.com.
Is there another flag I need to get this to work?
Jun 02, 2020 12:19 PM
It’s a shame you’ve had to give up on this - pretty sure Jira is giving you an incomplete picture of their authentication protocols because I create many integrations with Jira and they pervasively support a thorough authentication process for User Impersonation. Their 3lo page even links to User Impersonation as an option.
I’m not trying to push you to drive down this pathway further, but I’m really sharing this for other users who land here looking for a glimmer of light at the end of the integration tunnel.
Jun 05, 2020 04:47 PM
Another note for other folks reading along: the no-cors
request mode is almost never what you want. That circumvents CORS restrictions, but it severely limits the usefulness of the response. In particular: it makes the response body inaccessible to JavaScript.
This page has a more thorough explanation:
Jun 06, 2020 07:13 AM
Indeed, this is not something you want to get good at. :winking_face: Often, we see “hurdles” and blindly try to knock them down only to discover that the tech we’re whacking is the drawbridge that keeps the alligators outside the castle walls.
Jun 11, 2020 11:51 AM
Mike,
Thanks for the link. I had a poor understanding of “no-cors” and thought it was not working within Airtable.
I am tempted to set up the cors-proxy referenced in that article for this use case. But for now I’m focused on writing a Data Dictionary generation and update script for our tables and fields. I’m finding that colleagues at work have difficulty knowing where a given field is defined, especially when the field is linked into several other tables.
Cheers,
Jerry