Problem with fetch - Not allowed to request resource

Hi everybody,

I would like to call an API from a server in our company.

Problem is that this server is accessible only via my VPN access.
I tried to use the Fetch with Basic Auth example, but got an error TypeError: Not allowed to request resource

I presume observablehq directs the request over the internet.

When I user postman client on my computer the fetch request works fine.

So I would like to ask you:

  1. Would be possible do direct the fetch request on observablehq via my VPN access?

  2. Even I would able to do this I will probably face a “Same Origin” error.
    I am actually getting this error when I make the fetch request via a script (Javascript) on my computer. Unfortunately cors-anywhere.com also do not work for me (probably because they forward my request via Internet and/or also change the Origin).

So I would like to hear from you how you handle this kind of situation.

Hi Paulo. When you make a fetch request from an Observable notebook, the request is coming directly from your browser (from your local computer), not through Observable’s servers—it works that way by default. (You can verify this by opening your browser’s developer tools and network tab.) So, you should be able to access anything in your Observable notebook that you’re able to access from your terminal provided that the resource you are trying to access is CORS-accessible.

Typically, the server you want to access should whitelist your notebooks’ origin. For example, if I wanted to access a server from my notebooks, I would whitelist mbostock.static.observableusercontent.com on the server, and when the server received a request from this origin, it would reply with the appropriate access-control-allow-origin header for that origin. This way only my notebooks can access the server, and not any other site on the internet. (Another way to further lock down access to the server would be to use a secret key or cookie-based authentication.)

1 Like

Hi Mike,

Thanks for the clarifications.
I will talk to our operations team if it is possible to whitelist my notebook address.