Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Make the api wide-open #47
@satazor I mean that if i try to make an ajax request it will result with such error:
XMLHttpRequest cannot load https://api.npms.io/v2/search?q=whs+plugin. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access.
Oh that's a CORS problem. The API is not currently wide-open, it only allows origins that match
//cc @atduarte what are your thoughts? Opening the API will make it vulnerable against DDoS attacks, specially on sites that have high traffic and want to harm npms.io for some reason. Still highly unlikely.
changed the title from
Is there a way to deploy it to openshift?
Make the api wide-open
Sep 25, 2016
@preco21 we already use CF. At the moment, the API does not send any cache headers upstream and no caching rules are configured in CF. We can start sending cache headers though, 1m or more.
@mikeerickson we will definitively need that once we integrate with GitHub to give a more personalised search experience, but for now it would introduce complexity for little benefit.
I think it's reasonable to wide-open the API.. I don't think anyone would put a script into a high traffic website just to harm npms.io.. If that ever happens, we can consider re-enabling the CORS or add cache headers so that CF handles most traffic for us.