Help

This Product Ideas board is currently undergoing updates, but please continue to submit your ideas.

Feature Request: CORS Proxy

cancel
Showing results for 
Search instead for 
Did you mean: 
Mike_Pennisi
7 - App Architect
7 - App Architect

Many use cases for Airtable’s Scripting Block (and also for Custom Blocks) involve making requests to services running on another domain. Since scripts execute in the context of a web browser, such requests are restricted according to the Cross-Origin Resource Sharing (CORS) protocol. Users’ requests are frequently blocked for this reason.

At the moment, the Scripting Block does not offer a solution for this problem nor does its documentation recognize the need. Some Airtable users have found a publicly-available service to meet their immediate needs, e.g.

This is undesirable for a number of reasons:

  • users must discover the service on their own (This obstacle is particularly daunting for the entry-level programmers for whom the Scripting Block is designed. Even experienced developers can struggle with the complexity of CORS.)
  • the reliability of the service is not guaranteed
  • the trustworthiness of the service is unknown (The proxy has access to all the information intended for the destination service which frequently includes sensitive data like API keys and database contents.)

If Airtable provided a CORS proxy, it would fill what some might argue is a hole in the capabilities of the Scripting Block. It could confidently educate users on how/why to use the service, guiding them away from unsafe practices and toward more resilient solutions.

8 Comments
openside
10 - Mercury
10 - Mercury

Hi @Mike_Pennisi

Checkout https://on2air.com/on2air-storage

We just soft launched with support for proxy servers that can get around CORS

ScottWorld
18 - Pluto
18 - Pluto

Wow! I just watched the intro video on your website. This looks like an awesome (and much needed) product that solves a lot of security issues with Airtable! :slightly_smiling_face: Thank you for creating this!! :slightly_smiling_face:

Mike_Pennisi
7 - App Architect
7 - App Architect

This thread is about a way for Airtable to add more value for its users. If they agree that this functionality is essential, then they may not want to endorse any third party solution.

Olpy_Acaflo
9 - Sun
9 - Sun

Hi @Mike_Pennisi,
@openside,

Mike wrote faster than me what I wanted to write after reading this too, in addition to all other Use Cases that Mike reminds us: it’s really a mountain of possible difficulties to climb over in addition to learning to write respectable javascript, which can be evaluated by the Professionals who give us the gift of coaching us in this Community!

And moreover, it affects both Script-Block and Custom-Block so it’s not a weakness of Script-Block alone as it happens sometimes!

But that does not prevent me from respecting your proposal and the extensive work you share with the Community.
You are one of the People who helped me not only to learn how to put functional code on a Script-Block but to be challenging in the way to design and improve it.

@Michelle_Valentine @Kasra @Emma_Yeap @Billy_Littlefield
Now I hope that Airtable’s DEV’s will take this request in their priorities not to make us wait 2 years to offer us an internal solution at Airtable!

Best,

oLπ

Tyler_Campbell
6 - Interface Innovator
6 - Interface Innovator

Funny that you posted this today and cors-anywhere put out an update today that prevents you from making more than 200 calls every 60 minutes (breaking one of my workstreams).

Glad to see some people are making some cool 3P stuff @openside!

openside
10 - Mercury
10 - Mercury

Thanks @Tyler_Campbell - give it a go and let us know if any issues.

Adam_Krell
4 - Data Explorer
4 - Data Explorer

For those looking for a solution to this issue, one that I’ve used is to create a Lambda on AWS with Api Gateway and configure the Lambda to return the proper headers to deal with CORS. Check out the documentation.

jamesvclements
6 - Interface Innovator
6 - Interface Innovator

Any updates on this? How's everyone handling cross-origin requests in their Airtable scripts? Just writing serverless functions elsewhere and calling those?