Please Support CORS from the Data API
It would be amazing if the Data API supported CORS (via some sort of authentication mechanism in addition to the API key).
As it stands right now, we'd have to write a proxy API to consume the Data API, which would take about the same amount of coding as creating webhooks on Atlas to modify the collections.
Hi! We are excited to announce that we now support client side access for Data API using Bearer Authentication. You can use the Data API to connect to MongoDB Atlas from any platform that supports HTTPS, including web browsers, and get around CORS errors. Check out our docs page here that goes over how to authenticate Data API requests for web browser access. If you would like to share any additional context on your use case or general feedback regarding this newly released feature, please feel free to email me at kaylee.won@mongodb.com.
-
Masao commented
Adding to Kaylee's answer above. This Realm SDK worked well for me: https://www.mongodb.com/docs/realm/web/
-
hao commented
Hi Kaylee, I have managed bearer token authentication and managed call by curl and Insomnia. But as a react web browser application, how to configure nginx properly to proxy client DB request to the mongodb data api correctly? Here is my nginx proxy part:
location /app {
proxy_set_header Content-Type application/json;
proxy_set_header Authorization <My access token>;
proxy_pass https://eu-central-1.aws.data.mongodb-api.com;
}
-
Rongxin commented
Hi, any updates on this?
I feel the WHOLE point of going SERVERLESS is to not need a server. Hence the comparison of Realm with something like Firebase.
It seems counter intuitive to require a developer to separately host a server (in our case), just to interact with a serverless function? If that's the case, I would just host the API directly from my little server and interact with a database.
-
James commented
I’m sure many have naturally resorted to creating our own wrapper around the Data API endpoint which currently has to be proxied and incur unnecessary extra round trip time, resources and another micro service. Unless you risk the atlas serverless tier, which can charge you huge random unexpected bills as I have experienced myself and others, the Atlas data API has unexplained response times of around 800ms or exceeding a second which defeats using it in a serverless architecture. I’ve resorted to making a generic data api which pools the connection and gets better round trip times. Calling a database from the frontend is seen by many to be a great future which isn’t quite materialising over here at Mongo. An example of a NoSQL DB with this vision in play already is ArangoDB and SurrealDB.
-
Patrick commented
CORS is useful to many usecases! I have created a thin wrapper on top of MongoDB Data API which allows developers to use the familiar API of MongoDB Node.js driver. I really hope to include the browser side usage.
https://github.com/patrick-kw-chiu/mongo-http.js
https://medium.com/better-programming/introducing-mongo-http-js-5ae2d74f2155 -
Glenn Cano commented
Any updateS?
-
MG commented
Please add CORS, It will be a game-changer.
-
John Hanley commented
Add CORS support is very important. I am working on PyScript (Python in the browser) and I wrote an article on the issues that I found with example code.
-
James commented
I would appreciate if Mongo could strive to support HTTP access to clusters in the same way that Arango does: https://www.arangodb.com/docs/stable/http/general.html
They have a mature solution that accounts for access control and security concerns with client side implementations as well.