Comments (19)
Hi @JoarGjersund, we currently don't support CORS and don't recommend making API calls from a web page.
from notion-sdk-js.
Hi @alicial / Notion - now that the API is out of beta, do any of the new updates enable this kind of functionality? I'm hoping now I can hook into the API from a webpage, and/or a Figma plugin I'm building.
from notion-sdk-js.
I think the problem can be solved by just adding a whitelist to the configuration page of the Notion Integration, indicating the domains under which the secret can be called, what is the reason for not doing so? Is it because there will be a lot of asynchronous requests from the web page that will burden the server?
from notion-sdk-js.
I'm not sure which framework you are using, or if is just Html and CSS, but consider using something like Next.js or Nuxt.js, as I'm doing with Next.js everything is static, and you wouldn't have this issue.
A second option as stated above is using a proxy, for this, I would suggest using Cloudflare workers, I already have something like that setup here:
https://cors.yasbr.com
I suggest deploying your own using this repo:
https://github.com/yassinebridi/cors
There is no documentation yet, but just read on Cloudflare workers, and how to set up deployment using Github actions.
from notion-sdk-js.
Hello guys, I wrote my worker because of some issues. You can implement to your side easily, here it is;
const API_END_POINT = "https://api.notion.com/v1";
export default {
async fetch(request, env) {
return await handleRequest(request)
}
}
function getCorsHeaders(request) {
return {
"Access-Control-Allow-Origin": request.headers.get("Origin"),
"Access-Control-Allow-Methods": "GET, HEAD, POST, PUT, OPTIONS",
"Access-Control-Allow-Headers": "Content-Type",
};
}
function handleOptions(request) {
return new Response(null, {
headers: getCorsHeaders(request),
});
}
async function handleRequest(request) {
if (request.method === "OPTIONS") {
return handleOptions(request);
}
let url = new URL(request.url);
let requestUrl = `${API_END_POINT}${url.pathname}`;
let notionResponse = await fetch(requestUrl, {
body: request.body,
headers: {
"Authorization": "Bearer SECRET_KEY",
"Notion-Version": "2022-06-28",
},
method: request.method
});
return new Response(notionResponse.body, {
headers: {"Content-Type": "application/json", ...getCorsHeaders(request)},
status: notionResponse.status,
statusText: notionResponse.statusText
});
}
Change SECRET_KEY
value with yours
from notion-sdk-js.
I think the problem can be solved by just adding a whitelist to the configuration page of the Notion Integration, indicating the domains under which the secret can be called, what is the reason for not doing so? Is it because there will be a lot of asynchronous requests from the web page that will burden the server?
Any practical reason to not enable this sweet solution?
from notion-sdk-js.
Any updated?
from notion-sdk-js.
I'm not sure which framework you are using, or if is just Html and CSS, but consider using something like Next.js or Nuxt.js, as I'm doing with Next.js everything is static, and you wouldn't have this issue.
A second option as stated above is using a proxy, for this, I would suggest using Cloudflare workers, I already have something like that setup here:
https://cors.yasbr.com
I suggest deploying your own using this repo:
https://github.com/yassinebridi/cors
There is no documentation yet, but just read on Cloudflare workers, and how to set up deployment using Github actions.
Hi @yassinebridi is it just me or your worker solution does not work?
https://cors.yasbr.com/https://api.notion.com/v1/databases/[DBID_HERE]
Thanks
from notion-sdk-js.
A current workaround for this is to run the browser with CORS check disabled.
This will work as long as you're the only user. Anyone else who hasn't disabled that option won't be able to get the results. Pretty sure you don't expect users to disable it and you're aware of the security concerns that come with it.
In case you still need to work around the issue, I'd recommend deploying something like cors-anywhere
to one of your servers. Not the best solution but it's been super helpful to have around when I've needed to deal with this type of situations.
from notion-sdk-js.
Thanks for the reply guys! I was hoping it would be possible to make API calls on client side from static webpage without setting up a server and configuring to much back-end stuff, but I guess that won't be possible without at least setting up a cors proxy server.
from notion-sdk-js.
I am just using the simplest of the simple javascript, fetching the auth key and database via GET.
Here is my initial test code where I'm inserting some test data to a table in notion.
<html>
<head>
<script>
const urlParams = new URLSearchParams(window.location.search);
var database = urlParams.get('db')
var auth = urlParams.get('auth')
const data = {
"parent": { "database_id": database },
"properties": {
"Name": {
"title": [
{
"text": {
"content": "test, test2"
}
}
]
}
}
};
function loadDoc() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
document.getElementById("demo").innerHTML = this.responseText;
if (this.readyState == 4 && this.status == 200) {
document.getElementById("demo").innerHTML = this.responseText;
}
};
xhttp.open("POST", "https://api.notion.com/v1/pages", true);
xhttp.setRequestHeader("Authorization", "Bearer " + auth);
xhttp.setRequestHeader("Content-type", "application/json");
xhttp.setRequestHeader("Notion-Version", "2021-05-13");
xhttp.send(JSON.stringify(data));
}
</script>
</head>
<body>
<h1>The XMLHttpRequest Object</h1>
<p id="demo"></p>
<button type="button" onclick="loadDoc()">Request data</button>
</body>
</html>
from notion-sdk-js.
I was trying to build out some cool stuff in codepen hooking into the Notion API and I ran into this same problem. bummer!! I'm hopeful you will add some kind of whitelist support soon. Full disclosure - I am a designer (working in design systems) and not a dev, so my use cases will be a bit different.
from notion-sdk-js.
Hi @alicial / Notion - now that the API is out of beta, do any of the new updates enable this kind of functionality? I'm hoping now I can hook into the API from a webpage, and/or a Figma plugin I'm building.
I second this! I am trying to make calls to the API from notion.so/user/page/xxxxxx
to implement 'custom' commands and being blocked by CORS
from notion-sdk-js.
Hello, you could use a worker from Cloudflare to proxy your requests to the notion API: https://developers.cloudflare.com/workers/examples/cors-header-proxy/
from notion-sdk-js.
Hi! I've been exploring this idea as a workaround, thank you. Was also thinking of using JSONP so that other users don't have to create a proxy too. Is that a feasible solution in your opinion?
from notion-sdk-js.
I don't see how using JSONP for posting data to Notion API will work, please share your solution.
from notion-sdk-js.
Not working.Even though i tried setting up my own worker https://<my-domain>/https://api.notion.com/v1
same CORS issue. Any solution?
from notion-sdk-js.
@kalaomer be careful embedding secret keys directly in your worker code. Use wrangler references instead:
from notion-sdk-js.
@Phylo229 thanks for warning, i will update my worker :)
from notion-sdk-js.
Related Issues (20)
- In version 2.2.13: QueryDatabaseResponse response types include PartialDatabaseObjectResponse | DatabaseObjectResponse HOT 1
- Map over database results union type HOT 3
- `users.me` types refuse `auth` parameter
- DatabaseObjectResponse ts missing title
- Replace node-fetch with isomorphic-fetch HOT 3
- The attribute `name` in database properties is not respected
- I am experiencing difficulties logging into Notion on the Windows platform. This issue seems to be affecting the login process, preventing me from accessing my Notion workspace HOT 1
- DatabasePropertyConfigResponse is a local type HOT 2
- Reading a "Person" property from a database entry returns only the first result
- Notion Formula Has a Bug Regarding Time Formatting HOT 3
- npm install ERR! for 'parse-text-from-any-block-type' examples
- How do I get value from blocks.retrieve
- The `punycode` module is deprecated HOT 3
- Missing `request_id` type in `OauthTokenResponse`
- unable to add external to files HOT 1
- multi_select type bug HOT 1
- Error: Insufficient permissions for this endpoint.
- I found the Mar 22, 2024 bug. I caused the problem HOT 5
- NotionS
- Inconsistent type: Cursor for parameters is string|undefined but for responses is string|null HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from notion-sdk-js.