🐛 Library doesn't work clientside

[a-tokyo]

Thanks for the amazing work.

I noticed that the library doesn't work on any browser. It results in the error:

Refused to set unsafe header "user-agent"

Access to XMLHttpRequest at 'https://github.com/a-tokyo' from origin 'http://localhost:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Your schema is amazing and i'd love to use this, however I will have to use https://github.com/itaditya/simple-unfurl for now as it works clientside as well

[jacktuck]

Oh interesting. I get "ReferenceError: Cannot access 'cross_fetch_1' before initialization". I'll see what I can do.

[a-tokyo]

My workaround (I used this answer here to create a helper app that handles cross origin: https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe):

    let raw;
    try {
      raw = await unfurled(url);
    } catch (err) {
      /** CORS failed to fetch? retry with cors proxy
       * this happens when for example localhost tries to unfurl dev-remote url due to different hosts
       * https://stackoverflow.com/questions/43871637/no-access-control-allow-origin-header-is-present-on-the-requested-resource-whe
       */
      try {
        raw = await unfurled(`${CORS_PROXY_URL}/${url}`);
      } catch (err2) {
        // handled - proceed and attempt to parse other data - eg: plural
      }
      // handled - proceed and attempt to parse other data - eg: plural
    }

[jacktuck]

Refused to set unsafe header "user-agent"

That was a fairly straightforward fix:
911590d#diff-f41e9d04a45c83f3b6f6e630f10117feR42

The reason i was getting

"ReferenceError: Cannot access 'cross_fetch_1' before initialization"

was that I was testing the library directly in codepen with unpkg. I'm guessing you're using a bundler, so you didn't run into this.

But due to the restrictive nature of CORS in the browser, i don't think there is any merit in keeping those fixes around.

Whilst your CORs proxy workaround works, it may not be the right approach. This library is approximately 1MB uncompressed (and 500kb compressed with webpack). So it'd add significant bloat and then when calling unfurl it'll block the event loop.

I recommend changing your CORS proxy service to do the unfurling. There is a great minimalist example here https://github.com/beeman/micro-unfurl

I will make it clearer in the readme that this is a server-side library and not supported for use client-side.

[jacktuck]

Do you not get the same CORS error with itaditya/simple-unfurl ?

[a-tokyo]

Yes I get it :/ so I added the proxy CORS thing to avoid these issues.

However I think I will just add a backend endpoint today that handles this. I am just worried the library would have the same errors in the backend as well @jacktuck

[jacktuck]

You shouldn't have the same issue as you'd have control of the endpoint - meaning you can add CORS response headers - either wildcard or specific to your domain(s).