Suggestion: proxy calls to private-per-user-per-notebook whitelisted urls

Given a lot of the time when exploring data visualisations you end up downloading some data from various urls and publishing somewhere else, such as a db or gist, in order to handle CORS restrictions, it would be super useful if observable servers could proxy requests under certain conditions. Obviously you don’t want to be passing around or forking notebooks that allow scripted access to anywhere but it seems to me that whitelisting urls on a per user, per notebook basis, similarly to how secrets are handled, would be secure enough and super convenient for the common case listed above.

It would be even more convenient for working with live data sources.

I understand you can setup your own proxy server(s) but would be really nice not to have to manage another piece of infrastructure.

Is there anything I’m missing?

If not, is this a potential future feature?

1 Like

Yes, this is a potential future feature that we’re thinking about.

There are an absolute armada of fully public data sets and sources out there that don’t have CORS configured, but are served publicly, without authentication.

Using a mechanism like Secrets — where the author defines the Host that should be accessible through the Observable proxy — is a great idea, because it would help us keep the Observable proxy from becoming an open proxy … and could also provide a nice bit of UI to hang rate limits on, perhaps.

I would like this very much as well.


5 posts were split to a new topic: Accessing CORS-less resources from notebooks