Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set CORS header for suggestion path #1

Closed
Mastercuber opened this issue Feb 26, 2023 · 3 comments
Closed

Set CORS header for suggestion path #1

Mastercuber opened this issue Feb 26, 2023 · 3 comments
Assignees
@haoess

Comments

@Mastercuber
Copy link

Hi,
please consider setting the CORS Header (Access-Control-Allow-Origin) for the suggestion URL (https://www.dwds.de/wb/typeahead), since with no CORS Header and newer browsers, clients are considered "untrusted" by default and can't send a successful request to this URL. So this is also impossible from the background script of the add-on.

I'm currently trying to include the suggestions in the add-on - that's the reason why I ask for this. The current suggestion consists of only the full path of the current query (exactly 1 suggestion)

To configure the Access-Control-Allow-Origin Header with Apache, add the following to the configuration of the site (see header module doc and core (location directive) doc):

<Location "/wb/typeahead">
  Header always set "Access-Control-Allow-Origin" "*"
</Location>

where * represent every origin - so every origin (also the add-on origin) can access this endpoint.
@Mastercuber
Copy link
Author

I didn't spotted https://www.dwds.de/opensearch/suggest?q= till now. /wb/typeahead?q=tes and /opensearch/suggest?q=tes are not shielding the same result. I know that the format of both endpoints is different, but also the list of values is different when converted into each other (/wb/typeahead yields 10 results and /opensearch/suggest yields 5 results with the search-term tes, with not even one overlapping value)

@Mastercuber Mastercuber mentioned this issue Mar 15, 2023
Merged
@haoess
Copy link

haoess commented Jun 5, 2023

Thanks for your report! The HTTP header Access-Control-Allow-Origin: * is now provided for requests to /wb/typeahead and /opensearch.

Yes, both endpoints yield to different formats and data. I’ll have a look to make this more consistent. This code has been stable for ~ 8 years now, and now I can’t even find a reliable source in the Internet documenting the OpenSearch JSON result format …

@haoess haoess self-assigned this Jun 5, 2023
@Mastercuber
Copy link
Author

This is how mediawiki is responding to opensearch requests in json and this shows XML Response.

While following a link at the bottom of MDN | OpenSearch, I've been landing at a github repo also containing the OpenSearch 1.1 Draft 6. In the Draft is a section about response elements. There are examples for Atom and RSS and there is a statement telling that the response is not restricted to XML contexts.

Honestly, after reading the wikipedia article about OpenSeach, it seems like 1.1 Draft 6 was published in 2005 once and never really maintained or refined..

So for JSON search suggestion response I would adapt how others implemented this (like mediawiki and some other sites) or use the example RSS and Atom responses as an orientation for a self defined JSON response format.
Otherwise the Atom and RSS Feeds could be implemented and used in the browser instead of JSON. For parsing XML in the browser, DOMParser can be used.

Thanks for the CORS Header. I will adjust the PR, so that the endpoint will be used.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@haoess haoess

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@haoess @Mastercuber