Access Control Allow Origin

[penspinner]

I am receiving an Access Control Allow Origin error when I use the historical function. I haven't tried snapshot function though.

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 500. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Has anyone gotten this? How to fix?

[mikinty]

Wanted to bump this issue -- trying to get this package working in browser.

I'm running chrome now and getting
Access to fetch at 'https://finance.yahoo.com/quote/AAPL/history' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I have tried adding headers to the request in the package in util.js,

return _.assign({}, optionalOptions, {
  resolveWithFullResponse: true,
  jar: cookiejar,
  // new headers here
  headers: {
      'Access-Control-Allow-Origin': '*',
      'Access-Control-Allow-Headers': '*',
      'Access-Control-Allow-Methods': '*'
  },
});

and I get a slightly different error message:
Access to fetch at 'https://finance.yahoo.com/quote/AAPL/history' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

Is this an issue with the package, or do I have to configure something in my code? I know that CORS has to do with finance.yahoo.com being different from my current url domain, which is localhost, but I feel like this package should be able to work out of the box. If there are any fixes, let me know.

The package works fine in Node.js, which won't complain about CORS, unlike browsers.

[mikinty]

I figured out how to fix the CORS solution.

In constants.js of the package, just add a proxy that can forward you the results of the GET call.
I'm using a well-known proxy that people use to forward CORS, but it's not an elegant solution because who knows if the server goes down.

const PROXY_URL = 'https://cors-anywhere.herokuapp.com/';
exports.HISTORICAL_CRUMB_URL = PROXY_URL + 'finance.yahoo.com/quote/$SYMBOL/history';
exports.HISTORICAL_DOWNLOAD_URL = PROXY_URL + 'query1.finance.yahoo.com/v7/finance/download/$SYMBOL';
exports.SNAPSHOT_URL = PROXY_URL + 'query2.finance.yahoo.com/v10/finance/quoteSummary/$SYMBOL';

I'm sure there's a way to somehow append this to all URLs without editing the package...I just don't know how to do it.
If anyone has insight on this please help us out.

[mikinty]

Also, as mentioned in the README, I tried passing in the httpRequestOptions with the proxy but it didn't work...so maybe that is a bug.

[gespinha]

Any news on wether the httpRequestOptions are a known bug or not?