search

azu / irodr

RSS reader client like LDR for Inoreader.
https://irodr.netlify.app/
MIT License
127 stars 4 forks source link

[Temporary] Disable Netlify CORS Proxy #100

Closed azu closed 1 year ago

azu commented 1 year ago

At 2023-07-19, We have disabled Netlify CORS Proxy. It means that user can not fetch ironoreader API by default.

šŸ“ Inoreader API does not support CORS. Instead of It, we have used CORS Proxy.

Workaround

You can use UserScript to connect Inoreader API directly.

What's happened

We have used Netlify's _redirect for CORS Proxy

/api/*  https://www.inoreader.com/reader/api/:splat  200
/token  https://www.inoreader.com/oauth2/token 200

However, This Proxy cached unknown response.

The response's Age is old, and return old results. Additionaly, this endpoint ignore Authorization` request header and return the cache.

image

I've tests other API liks /api/0/user-info but it works.

After I deleted Netlify _redirect, but https://irodr.netlify.app/api/0/subscription/list still return unknown response. I tested Cross browser, Cross Device. (curl can not fetch the cache, it related to some header?) I think something strange is happening to Netlify.

šŸ“ I request https://irodr.netlify.app/api/0/subscription/list?1 and prune the cache.

Research

If the API supports standard HTTP caching mechanisms like ETags or Last-Modified headers, the responses will even get cached by our CDN nodes. https://docs.netlify.com/routing/redirects/rewrites-proxies/#proxy-to-another-service

Inoreader API does not return the ETags and Last-Modified.

image

TODO

azu commented 1 year ago
azu commented 1 year ago

Workaround: Always use cache busting parameter like ?cache={id}

Probably, Netlify cache the url with parameter. (So, I can purge cache via ?1)

We can avoid the cache by cache buster paramter.

/api/...?cache_buster_uuid=xxxxx
azu commented 1 year ago

https://irodr.netlify.app/api/0/subscription/list still return unknown cache. We will drop to use Netlify's _redirect.

We have locked https://irodr.netlify.app/ untill fix this issue.

Workaround:

git clone https://github.com/azu/irodr
yarn install
yarn start
azu commented 1 year ago

Workaround

You can use UserScript to connect Inoreader API directly.

* Clear IndexedDB, LocalStorage

* Install: https://github.com/azu/irodr/blob/master/resources/userScript/irodr-cors.js

Current Status. irodr require workaround scripts.

azu commented 1 year ago

Summary:

We have used Netlify Edge Function instead of _redirects proxy and fixed this issue.

I do not understand that _redirects cause this issue. However, The behaviour of _redirect is so strange that we decided to avoid using it.

I wrote CORS Proxy as code using Edge Functions.

Proxy would have been avoided if possible, but other methods are not very usable. Proxy has the risk that the operator(me) can peek into the user's Inoreader API communication. To avoid this, we do not include console logs in the Proxy.

Of couse, You can connect Inoreader API without Proxy using UserScripts.

Disclaimer: Netlify Edge Function has Quota, so CORS Proxy may stop if it determines that usage is too high.

5 GB / 1 TB bandwidth
58 / 25,000 build minutes
0 / 2M edge function invocations
image