Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

API endpoint cannot be accessed by browser #156

Open
sxzz opened this issue Mar 3, 2024 · 3 comments · May be fixed by #188
Open

API endpoint cannot be accessed by browser #156

sxzz opened this issue Mar 3, 2024 · 3 comments · May be fixed by #188
Assignees
@lucacasonato
Labels
bug Something isn't working

Comments

@sxzz
Copy link
Contributor

sxzz commented Mar 3, 2024

  • Add CORS header
image
  • Cannot visit by browser page, it shows 404 page. It could caused by accept header.

https://jsr.io/@std/assert/meta.json

// 404 page
❯ curl 'https://jsr.io/@std/assert/meta.json' -H 'accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7'

// works without accept header
❯ curl 'https://jsr.io/@std/assert/meta.json'
@littledivy littledivy added the bug Something isn't working label Mar 4, 2024
@lucacasonato lucacasonato self-assigned this Mar 4, 2024
@lucacasonato
Copy link
Member

Here what we will do:

  • All GET / HEAD requests to the modules bucket (so no Accept: text/html) will get a Access-Control-Allow-Origin: * and Access-Control-Expose-Headers: *
  • All HEAD / GET / POST / PUT / PATCH / DELETE requests to the API server (https://api.jsr.io) will get a Access-Control-Allow-Origin: * and Access-Control-Expose-Headers: * header.
  • All OPTIONS requests to the API server will return with status 200, and Access-Control-Allow-Headers: Authorization, X-Cloud-Trace-Context, Access-Control-Allow-Methods: HEAD, GET, POST, PUT, PATCH, DELETE, Access-Control-Allow-Origin: *, Access-Control-Max-Age: 3600

@marvinhagemeister
Copy link
Contributor

Wondering if we should move the meta.json endpoint to the api server instead. That way we can avoid the whole accept header stuff which seems to cause most of the confusion.

@lucacasonato
Copy link
Member

It's not just the meta.json tho - it's all the module code also.

@lucacasonato lucacasonato linked a pull request Mar 5, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lucacasonato lucacasonato

Labels
bug Something isn't working
Projects
JSR
Status: In Progress
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: add cors to API endpoints jsr-io/jsr
4 participants
@marvinhagemeister @sxzz @lucacasonato @littledivy