How to fetch RSS feeds?

I am trying to fetch an RSS feed from an Invidious instance but I keep getting the following error:

Cross-Origin Request Blocked: 
The Same Origin Policy disallows reading the remote resource at 

(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

Note: The links work fine in a regular browser.

Relevant code:

use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure};
use gloo::net::http::{Method, Request};
use web_sys::RequestMode;

const TEST_SERVER: &'static str = "";
const TEST_RSS_FEED: &'static str = "UULF7YOGHUfC1Tb6E4pudI9STA";


async fn fetch_one_subscription() {
    let url = format!("{}/feed/playlist/{}", TEST_SERVER, TEST_RSS_FEED);

    let request =
            .header("Accept", "text/xml")

    let response = request.send().await.unwrap().text().await.unwrap();
    let feed: Feed = serde_xml_rs::from_str(&response).unwrap();

I tried using Reqwest with wasm-streams and it did not fix the issue.

I also found this post about using XmlHttpRequest from the web-sys crate. Although it seems very verbose for a simple request.

Is there a simpler way of doing this that I missing here?

What happens if you set the mode to RequestMode::NoCors?

1 Like

I get the following error with RequestMode::NoCors:

The resource at “” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See

Yeah right, my bad. Looks like other than using a proxy (if you can't get the owner of the server to add cors headers), making requests with JS's fetch API to a server that has not set up the right CORS rules won't be possible:

1 Like

Thanks for the help :slight_smile:

It seems that Freetube is somehow able to retrieve the feeds correctly though. Here's the link to the relevant code.

Electron is not as strict as normal browsers are when it comes to enforcing cors headers:

1 Like

Ah I see, thanks. Do you know if Tauri is as strict with enforcing cors headers?

You could try and set the setting to null and see if that helps. Otherwise, have you tried proxying the request through a tauri command? I.e. call the tauri command from your frontend and let the backend do the actual request to the remote server

1 Like

Try setting the credentials option to omit. This is one of the poorly-documented requirements to get the browser to skip the preflight check.

1 Like

If you're using Tauri, then instead of wrappers for JS fetch that comes with all kinds of browser sandbox limits, you can use Rust-native HTTP clients like reqwest. They won't care about origins.

1 Like

Unfortunately, I'm still getting CORS errors even with RequestCredentials::Omit.

Unfortunately, changing the CSP doesn't work either.

I have implemented a reqwest client in the Tauri backend for rss feed fetching. Thanks :slight_smile:

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.