Code Quality: Ensure CORS headers in all error responses for jAI search API

[babblebey]

Problem

Some error responses from the jAI search API endpoint (src/pages/api/jai/search.js) may not include the required CORS headers, which can cause issues for frontend clients making cross-origin requests.

Current Behavior

• CORS headers are included in most responses, but may be missing in some error scenarios (e.g., thrown errors, timeouts).

Expected Behavior

• All error responses, regardless of the error type, should include the correct CORS headers.

Location

File: src/pages/api/jai/search.js

Proposed Implementation

• Audit all error handling code paths.
• Ensure every error response includes the CORS headers defined at the top of the handler.

Example:

return Response.json(
  { error: 'Some error message' },
  { status: 400, headers: corsHeaders }
);

Steps to Complete

1. Review all error handling code.
2. Add CORS headers to any missing error responses.
3. Test with various error scenarios to confirm headers are present.

Definition of Done

• All error responses include CORS headers.
• No CORS errors occur in frontend clients due to missing headers.
• Existing functionality remains intact.

[1sh-repalto]

Hello @babblebey, I have a good enough experience working with backend systems in multiple languages and would love to start my contributions here with this issue. Please assign it to me.

[babblebey]

Hey @1sh-repalto,

You have been assigned an issue and are only allowed to work on one issue at a time. 😉

[1sh-repalto]

Ah, got it! I’m still new to open source, so thanks for pointing this out. I’ll make sure to keep it in mind for next time—appreciate your help! 😊

[tharun634]

I can take this up in case it's still up for grabs!

[1sh-repalto]

Hello @babblebey, since I am finished with my previously assigned task I wanted to ask if I can work on this now.

[1sh-repalto]

Hi @babblebey, I wanted to provide an update on the approach I’m taking for the CORS improvements in 'src/pages/api/jai/search.js' and get your guidance:

Ensured that the catch block already includes the required CORS headers for all errors.

I added some early-return checks for invalid request bodies with CORS headers.

Planning to handle OPTIONS requests to cover CORS preflight.

The Issue
I’m currently unable to fully test these changes because the endpoint relies on an OpenAI API key. OpenAI no longer provides free credits for new users, so without a paid key, any test request (even via curl) returns a 429 Too Many Requests error.

My workaround for this
To test locally, I replaced the OpenAI call with a mocked response using a ReadableStream.

Could you advise the best way to test these CORS updates under this limitation? Should I proceed with submitting the changes as-is, or is there a recommended approach to mock the OpenAI response for testing?

Thanks!

[babblebey]

Create a Draft PR @1sh-repalto

We can discuss it better over on there... I like what I've seen so far though 😉