Add "access-control-allow-origin: *" header to API responses to allow… #57
Conversation
… cross-origin web clients to use the APIs
|
Here's a little more information on why this is useful. I created the following dashboard to track my Python and JavaScript package downloads: https://craigahobbs.github.io/downloads/ The dashboard is a static, client-rendered web application - it has no backend. It can only load data from its domain or from cross-origin domains (e.g., pypistats.org and api.npmjs.org) that provide the CORS header ("access-control-allow-origin: *"). The api.npmjs.org API responds with the CORS header so that I can use it directly: https://api.npmjs.org/downloads/range/2022-06-22:2022-12-22/markdown-model https://github.com/craigahobbs/craigahobbs.github.io/blob/main/downloads/downloads.mds#L183 However, the pypistats.org API does not respond with the CORS header, so I can't use it directly. Instead, I periodically download and commit the API responses locally so that I can load them. https://github.com/craigahobbs/craigahobbs.github.io/blob/main/downloads/downloads.mds#L212 The dashboard would be better if I could use the pypistats.org API directly, as the data would always be up-to-date, and the periodic download step would no longer be required. Let me know if you have any questions about the pull request. Thanks! |
|
Same situation as the above! My personal website tracks my publications, https://mightbesimon.com 🥺 |
|
@crflynn any interest in this pull request? If no, I'll delete it. I don't see any downside to it though. It just enables web clients to use the API directly. Generally speaking, these are the best-behaved clients you'll see - they respect your cache headers and maintain connections sanely. |
… cross-origin web clients to use the APIs
This resolves issue #41