How to fetch RSS feeds?

help
1

I am trying to fetch an RSS feed from an Invidious instance but I keep getting the following error:

Cross-Origin Request Blocked: 
The Same Origin Policy disallows reading the remote resource at 
https://invidious.fdn.fr/feed/playlist/UULF7YOGHUfC1Tb6E4pudI9STA. 

(Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200.

Note: The links work fine in a regular browser.

Relevant code:

use wasm_bindgen_test::{wasm_bindgen_test, wasm_bindgen_test_configure};
use gloo::net::http::{Method, Request};
use web_sys::RequestMode;

const TEST_SERVER: &'static str = "https://invidious.fdn.fr";
const TEST_RSS_FEED: &'static str = "UULF7YOGHUfC1Tb6E4pudI9STA";

wasm_bindgen_test_configure!(run_in_browser);

#[wasm_bindgen_test]
async fn fetch_one_subscription() {
    let url = format!("{}/feed/playlist/{}", TEST_SERVER, TEST_RSS_FEED);

    let request =
        Request::get(&url)
            .mode(RequestMode::Cors)
            .method(Method::GET)
            .header("Accept", "text/xml")
            .build()
            .unwrap();

    let response = request.send().await.unwrap().text().await.unwrap();
    let feed: Feed = serde_xml_rs::from_str(&response).unwrap();
}

I tried using Reqwest with wasm-streams and it did not fix the issue.

I also found this post about using XmlHttpRequest from the web-sys crate. Although it seems very verbose for a simple request.

Is there a simpler way of doing this that I missing here?

2

What happens if you set the mode to RequestMode::NoCors?

1 Like
3

I get the following error with RequestMode::NoCors:

The resource at “https://invidious.fdn.fr/feed/playlist/UULF7YOGHUfC1Tb6E4pudI9STA” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)#
4

Yeah right, my bad. Looks like other than using a proxy (if you can't get the owner of the server to add cors headers), making requests with JS's fetch API to a server that has not set up the right CORS rules won't be possible:

1 Like
5

Thanks for the help :slight_smile:

It seems that Freetube is somehow able to retrieve the feeds correctly though. Here's the link to the relevant code.

6

Electron is not as strict as normal browsers are when it comes to enforcing cors headers:

1 Like
7

Ah I see, thanks. Do you know if Tauri is as strict with enforcing cors headers?

8

You could try and set the tauri.security.csp setting to null and see if that helps. Otherwise, have you tried proxying the request through a tauri command? I.e. call the tauri command from your frontend and let the backend do the actual request to the remote server

1 Like
9

Try setting the credentials option to omit. This is one of the poorly-documented requirements to get the browser to skip the preflight check.

1 Like
10

If you're using Tauri, then instead of wrappers for JS fetch that comes with all kinds of browser sandbox limits, you can use Rust-native HTTP clients like reqwest. They won't care about origins.

1 Like
11

Unfortunately, I'm still getting CORS errors even with RequestCredentials::Omit.

12

Unfortunately, changing the CSP doesn't work either.

I have implemented a reqwest client in the Tauri backend for rss feed fetching. Thanks :slight_smile:

13

This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.