fix: don't use cors proxy to read pastebin raw #220

Merged: taibeled merged 1 commit into taibeled:master from RafDevX:no-corsanywhere-for-pastebin on Apr 9, 2026

RafDevX commented Apr 8, 2026

Pastebin's raw endpoint is not actually part of their API and so already supports CORS (it always sets the Access-Control-Allow-Origin header to *), so no proxy is required. This means significantly less probability of impact when the CORS proxy is down, as its usage is now restricted only to when posting to Pastebin (which should be relatively rare, compared to fetching information from a Paste).

RafDevX commented Apr 8, 2026

Thank you for all your work - your project is essential to playing the home game, at least as far as we're concerned. Today unexpectedly we could not load our map bounds or custom station list because cors-anywhere was down, which means we had to play "blind" on where our bounds actually were, and I'd really like to avoid that ever happening again. As far as I can tell, this should fix the problem.

I understand cors-anywhere is a necessary evil sometimes, but it has extremely aggressive rate limiting and is often down in general (Internal Server Error), so I'd really like to limit its usage to when it's actually required to support base functionality.

taibeled commented Apr 9, 2026

Thanks for researching this, I'll happily merge it!

taibeled merged commit dc8e230 into taibeled:master on Apr 9, 2026

taibeled commented Apr 9, 2026

@all-contributors please add @RafDevX for code

@allcontributors
@taibeled

I've put up a pull request to add @RafDevX! 🎉

taibeled commented Apr 9, 2026

I believe that this is actually a regression, as Pastebin links no longer appear to function due to the cors issue. As such, I'm going to revert this.

RafDevX commented Apr 9, 2026

@taibeled Are you sure? The production version before the revert worked on my browser just fine, Pastebin links started working (didn't before because of cors anywhere). Is this a Chrome vs Firefox thing maybe? But I don't understand how, if the correct headers are sent

RafDevX commented Apr 9, 2026

Oh, it's my bad, I understand now - I have Pastebin Pro and so my pastes automatically allow CORS for the raw endpoint. I only tested with my own pastes, not anyone else's. That's really unfortunate, don't know how to solve this then...

taibeled commented Apr 9, 2026

Ah, that would explain it. I'm looking into alternative cors proxies now. Hopefully I can find one that is at least somewhat sufficient.

RafDevX commented Apr 9, 2026

@taibeled Would you consider changing fetchFromPastebin to only use the CORS proxy if a normal request fails?

    export async function fetchFromPastebin(pasteId: string): Promise<string> {
        const response = await fetch(PASTEBIN_API_RAW_URL + pasteId);
        if (!response.ok) {
            throw new Error(
                "Failed to fetch from Pastebin: " + response.statusText,
            );
        }
        return response.text();
    }

Doing something like

let response;
try {
    response = await fetch("https://pastebin.com/ ...");
} catch {
    response = await fetch("https://cors-anywhere.com/ ...");
}

This would completely solve my problem, but I understand if you're reluctant to make 2 requests for virtually every case (as long as the paste isn't from a Pro account). However, a CORS preflight request is pretty fast these days, and this is not a very common operation (happens once per page load, and only for people using pastebins).

Alternatively, would you be open to adding an option or a URL parameter to force this behavior? It would increase complexity, but honestly without a way to bypass the CORS proxy I think I'll have to fork this project and host it myself, as my last game was truly a terrible surprise to start playing and see that the proxy was down the whole day.

Thank you for considering, I really appreciate the work you're doing!
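
The fallback proposed in the comment above, as an added example that is not part of the original thread or the project's code: it tries Pastebin directly, uses the proxy only when the direct request is rejected (which is how a CORS block appears to `fetch`), validates the paste ID before building either URL, and reports which path served the content, since a third-party proxy can read and alter what it relays. The raw URL, the proxy prefix (a placeholder), the ID pattern, the size cap and all names are assumptions.

```typescript
const PASTEBIN_RAW_URL = "https://pastebin.com/raw/"; // assumed value of PASTEBIN_API_RAW_URL
const CORS_PROXY_URL = "https://cors-proxy.example/"; // placeholder proxy prefix, not a real service
const PASTE_ID_PATTERN = /^[A-Za-z0-9]{1,16}$/;       // assumed shape of a paste ID
const MAX_PASTE_CHARS = 1000000;                      // assumed upper bound for a paste

interface MinimalResponse {
    ok: boolean;
    statusText: string;
    text(): Promise<string>;
}
type FetchLike = (url: string) => Promise<MinimalResponse>;
type PasteResult = { text: string; via: "direct" | "proxy" };

function pastebinUrls(pasteId: string): { direct: string; proxied: string } {
    // Reject anything that could change the path or host once concatenated.
    if (!PASTE_ID_PATTERN.test(pasteId)) {
        throw new Error("Invalid Pastebin ID");
    }
    const direct = PASTEBIN_RAW_URL + pasteId;
    return { direct, proxied: CORS_PROXY_URL + direct };
}

async function fetchPasteWithFallback(
    pasteId: string,
    fetchImpl: FetchLike = (url) => (globalThis as any).fetch(url),
): Promise<PasteResult> {
    const { direct, proxied } = pastebinUrls(pasteId);
    let response: MinimalResponse;
    let via: PasteResult["via"] = "direct";
    try {
        // A CORS block surfaces as a rejected promise, like any network error.
        response = await fetchImpl(direct);
    } catch {
        response = await fetchImpl(proxied);
        via = "proxy";
    }
    // An HTTP error (e.g. 404) is a real answer and is not retried via the proxy.
    if (!response.ok) {
        throw new Error("Failed to fetch from Pastebin: " + response.statusText);
    }
    const text = await response.text();
    if (text.length > MAX_PASTE_CHARS) {
        throw new Error("Paste is larger than expected");
    }
    // `via` lets the caller treat proxy-relayed content with more suspicion.
    return { text, via };
}
```

Whichever path is taken, the returned text should be parsed and validated as untrusted input before it is used for map bounds or station lists.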

taibeled commented Apr 9, 2026

A second fetch request should be fine. If you can make a pull request, that would be great. Due to cors anywhere already being so spotty, I doubt that another fetch would worsen the pastebin functionality any further.
