Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: simplify protocol handling #599

Merged
merged 1 commit into from
May 18, 2024
Merged

fix: simplify protocol handling #599

merged 1 commit into from
May 18, 2024

Conversation

scissorsneedfoodtoo
Copy link
Contributor

Checklist:

Closes #597

This PR simplifies handling of the API resource protocol so resource links on the /api/pokemon endpoint only use HTTP when the project is running locally, and use HTTPS in all other cases.

I believe it's still possible for someone to set the headers to localhost:<port> when sending a request to the API, which would mean that the links at /api/pokemon would be HTTP rather than HTTPS, but I doubt it will be an issue for this project. At this point, learners should just be using fetch() without setting any headers.

@scissorsneedfoodtoo scissorsneedfoodtoo requested a review from a team as a code owner May 17, 2024 12:15
@lasjorg
Copy link
Contributor

lasjorg commented May 17, 2024

Are you sure we need to change the protocol? The real API gives you HTTPS links, and they work fine locally. It sets Access-Control-Allow-Origin: * and we use app.use(cors()), so it should work locally with HTTPS links...shouldn't it?

@scissorsneedfoodtoo
Copy link
Contributor Author

Hey @lasjorg, thanks for the additional input. That's all true.

My thinking is that it would be nice for all the links to work when running locally and in production. Currently if you're running the project locally, the output for the /api/pokemon endpoint looks like this:

{
  "count": 1302,
  "results": [
    {
      "id": 1,
      "name": "bulbasaur",
      "url": "http://localhost:3090/api/pokemon/1/"
    },
    {
      "id": 2,
      "name": "ivysaur",
      "url": "http://localhost:3090/api/pokemon/2/"
    },
    ...
  ]
}

Since all the links point to the dev API we can check that caching is working.

In production, they should point to the correct URLs, now using the expected protocol:

{
  "count": 1302,
  "results": [
    {
      "id": 1,
      "name": "bulbasaur",
      "url": "https://pokeapi-proxy.freecodecamp.rocks/api/pokemon/1/"
    },
    {
      "id": 2,
      "name": "ivysaur",
      "url": "https://pokeapi-proxy.freecodecamp.rocks/api/pokemon/2/"
    }
    ...
  ]
}

We could use a flag instead, but that might be overkill since this is the only time where the links / protocol should change. In other cases like /api/pokemon/<id-or-name>, we just return a truncated version of what the PokéAPI gives us.

@ahmaxed ahmaxed merged commit d1a219c into freeCodeCamp:main May 18, 2024
2 checks passed
@scissorsneedfoodtoo scissorsneedfoodtoo deleted the fix/pokeapi-proxy-protocol branch May 20, 2024 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ahmaxed ahmaxed ahmaxed approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Pokémon Proxy API: HTTPS replaced with HTTP in API response
3 participants
@scissorsneedfoodtoo @lasjorg @ahmaxed