lmorchard
commented
2 weeks ago I guess also consider relaxing the requirement to be logged in to access the feeds API?
Risks providing a general public API for feed fetching, but that might not be awful? Could be worth finding a way to tie it to the current page load though - something CSRF-ish?
When fetching feed data, use GET as a pure read. POSTs are for writes and let us route those to the primary instance with write access to the database.
Consider logic on the client to first GET feeds. Then for any feed that seems stale or out of date, follow up with a POST to request a feed update - which subsequently may lead to a write. This could help drive feed refresh in absence or in complement to a background scheduled feed polling job.