Closed scissorsneedfoodtoo closed 5 months ago
Are you sure we need to change the protocol? The real API gives you HTTPS links, and they work fine locally. It sets Access-Control-Allow-Origin: *
and we use app.use(cors())
, so it should work locally with HTTPS links...shouldn't it?
Hey @lasjorg, thanks for the additional input. That's all true.
My thinking is that it would be nice for all the links to work when running locally and in production. Currently if you're running the project locally, the output for the /api/pokemon
endpoint looks like this:
{
"count": 1302,
"results": [
{
"id": 1,
"name": "bulbasaur",
"url": "http://localhost:3090/api/pokemon/1/"
},
{
"id": 2,
"name": "ivysaur",
"url": "http://localhost:3090/api/pokemon/2/"
},
...
]
}
Since all the links point to the dev API we can check that caching is working.
In production, they should point to the correct URLs, now using the expected protocol:
{
"count": 1302,
"results": [
{
"id": 1,
"name": "bulbasaur",
"url": "https://pokeapi-proxy.freecodecamp.rocks/api/pokemon/1/"
},
{
"id": 2,
"name": "ivysaur",
"url": "https://pokeapi-proxy.freecodecamp.rocks/api/pokemon/2/"
}
...
]
}
We could use a flag instead, but that might be overkill since this is the only time where the links / protocol should change. In other cases like /api/pokemon/<id-or-name>
, we just return a truncated version of what the PokéAPI gives us.
Checklist:
Update index.md
)Closes https://github.com/freeCodeCamp/demo-projects/issues/597
This PR simplifies handling of the API resource protocol so resource links on the
/api/pokemon
endpoint only use HTTP when the project is running locally, and use HTTPS in all other cases.I believe it's still possible for someone to set the headers to
localhost:<port>
when sending a request to the API, which would mean that the links at/api/pokemon
would be HTTP rather than HTTPS, but I doubt it will be an issue for this project. At this point, learners should just be usingfetch()
without setting any headers.