
Shoutout to APIs that do not enforce CORS preventing requests from being made from the FE without a need for a BE. There's so many toy apps I started building that would have just worked if this was more common, but they have CORS restrictions requiring me to spin up a BE which for many one-off tools and personal tools just isn't worth doing and maintaining. Same with OAuth.


nit: same-origin policy is the restriction. CORS isn't the restriction, it's the thing that helps you. CORS is the solution, not the problem.


Yes, exactly. People who want to "disable" it have no idea how the web works. Developers have all kinds of misconceptions about what it is, I even heard someone saying it disallows backends to call their API.


And in particular CORS is the reason you can read the Wikipedia API cross-origin (unless you are doing JSONP, but hopefully they are using CORS because it is better in every way).
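The distinction drawn in the comments above (the same-origin policy blocks, CORS is the server's opt-in, and non-browser clients are not affected), as an added example that is not part of the thread. It is a simplified model of the browser's response check without preflight handling; the function name, object shapes and hosts are assumptions made for illustration.

```javascript
// Added illustration: simplified model of the check a browser applies before
// page script may read a fetch() response. Preflight (OPTIONS) is left out.

// caller:   { pageUrl: string | null, credentials: boolean }
//           pageUrl null means "not a browser" (a backend, curl, a cron job)
// response: { url: string, headers: object with lower-case header names }
function canReadResponse(caller, response) {
  // The same-origin policy lives in the browser; other clients are not bound by it.
  if (caller.pageUrl === null) return { readable: true, reason: "not a browser" };

  const pageOrigin = new URL(caller.pageUrl).origin;
  if (pageOrigin === new URL(response.url).origin) {
    return { readable: true, reason: "same origin" };
  }

  // Cross-origin: blocked by default, readable only if the server opts in via CORS.
  const allowOrigin = response.headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { readable: false, reason: "same-origin policy, no CORS opt-in" };
  }
  if (caller.credentials) {
    // Credentialed requests need an exact origin match plus an explicit flag.
    if (allowOrigin === "*") {
      return { readable: false, reason: "wildcard not accepted with credentials" };
    }
    if (response.headers["access-control-allow-credentials"] !== "true") {
      return { readable: false, reason: "Access-Control-Allow-Credentials missing" };
    }
  }
  if (allowOrigin === "*" || allowOrigin === pageOrigin) {
    return { readable: true, reason: "CORS opt-in" };
  }
  return { readable: false, reason: "origin not allowed" };
}

// Constructed sample values (hypothetical hosts).
const PAGE = "https://toy-app.example/index.html";
const API = "https://api.example/v1/items";
const publicApi = { url: API, headers: { "access-control-allow-origin": "*" } };
const lockedApi = { url: API, headers: {} };

console.log(canReadResponse({ pageUrl: PAGE, credentials: false }, lockedApi));
console.log(canReadResponse({ pageUrl: PAGE, credentials: false }, publicApi));
console.log(canReadResponse({ pageUrl: PAGE, credentials: true }, publicApi));
console.log(canReadResponse({ pageUrl: null, credentials: false }, lockedApi));
```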


There's many services to solve this pain point. I've used https://allorigins.win/ in the past.


These services are called CORS proxies! I recently made an updated list of the currently working free ones here: https://gist.github.com/reynaldichernando/eab9c4e31e30677f17...

Do note that these proxies are for testing only, and they are heavily rate limited.

For production use cases, you might consider using Corsfix (https://corsfix.com)

(I am affiliated with Corsfix)



Oh this looks neat!


Neat, if you want to leak your users' credentials in an XSS attack.


I would only use something like this that requires absolutely no authentication. For example, I had a one page app that showed me instantly when the next shuttle(s) were scheduled for my stop. Instead of having to click through multiple steps, this allowed me to see it in one step. As far as I know, I was the only user for this thing I built and put up on gitlab pages. I don't know exactly because I didn't bother to track who visited the page.


This is the way to go, you wouldn't want to use a CORS proxy for something authenticated/with credentials (e.g. API key). But for public unauthenticated requests, they work just fine.
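One way to enforce the rule from the two comments above in a front end, as an added example that is not part of the thread: refuse to route a request through a third-party CORS proxy if it carries anything credential-like, since the proxy relays and therefore sees the full URL and headers. The function names, the header and parameter name lists, and the hosts are assumptions made for illustration.

```javascript
// Added illustration: flag requests that carry credentials before they are
// sent through a third-party CORS proxy. The name lists are assumptions and
// should be extended for the APIs actually in use.
const SECRET_HEADERS = new Set([
  "authorization", "cookie", "proxy-authorization", "x-api-key",
]);
const SECRET_PARAM = /^(api[_-]?key|key|token|access[_-]?token|secret|password)$/i;

// request: { url: string, headers?: object, credentials?: string }
function credentialFindings(request) {
  const findings = [];
  const url = new URL(request.url);

  // user:password@host in the URL would be relayed to the proxy operator.
  if (url.username || url.password) findings.push("userinfo in URL");

  // API keys are often passed as query parameters.
  for (const name of url.searchParams.keys()) {
    if (SECRET_PARAM.test(name)) findings.push(`query parameter "${name}"`);
  }

  // Header names are case-insensitive, so compare in lower case.
  for (const name of Object.keys(request.headers || {})) {
    if (SECRET_HEADERS.has(name.toLowerCase())) findings.push(`header "${name}"`);
  }

  // fetch() option that attaches cookies to cross-origin requests.
  if (request.credentials === "include") findings.push('credentials: "include"');
  return findings;
}

function okForPublicProxy(request) {
  return credentialFindings(request).length === 0;
}

// Constructed sample requests (hypothetical hosts and values).
const shuttleTimes = { url: "https://transit.example/api/stops/42/next" };
const accountCall = {
  url: "https://api.example/v1/me?api_key=CONSTRUCTED-VALUE",
  headers: { Authorization: "Bearer CONSTRUCTED-VALUE" },
};

console.log(okForPublicProxy(shuttleTimes), credentialFindings(shuttleTimes));
console.log(okForPublicProxy(accountCall), credentialFindings(accountCall));
```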


Oh that explains why it's not a popular architecture.


I kind of miss the era of JSON-P supported APIs. Feels like such a weird little moment in time.


The only caveat I feel is that the speed of the API is definitely not comparable to something more purpose built for this kind of scale, but overall I'm happy as it works well enough that I don't have to think about it too hard.


I think GitHub Actions could be used for scheduled builds, so that the initial load would have random articles right in. Further requests could then be made in advance so users would not notice any delay from the API.


Do you have any examples of that I can look at as a reference? I'm used to GitHub Actions just being my CI/CD build step checking tool.


I attempted to implement the schedule trigger [1] on GitHub Actions as an example, but it is not being triggered as I expected. It needs more digging if you're so inclined.

Aside from that, the whole gist is that the initial data can be injected into the static files during the build step, or even saved as separate JSON files that the app can load instead of reaching out to the API. As long as you're willing to refresh the static data from time to time, of course.

I created a basic example at https://schedbuild.pages.dev/ with a rough, manual implementation of a build step. Frameworks like Next.js offer a more sophisticated approach that can render the entire HTML, allowing users to load the static page with the initial data already rendered without JavaScript, and subsequent interactions taking over from there more seamlessly.

If the GitHub Actions schedule feature is ever sorted out, in my opinion it's a reasonable alternative to setting up a backend just for this.

[1] https://docs.github.com/en/actions/writing-workflows/choosin...


In lieu of a cron server, I use scheduled jobs without any issues for a few production workloads on Azure DevOps (AKA GH Actions 0.1).


You're right. I just checked the example project now and it's been updated hourly since then. It's just slightly delayed.


Edit to the other comment: the cron job wasn't being triggered at first, but turns out it's just slightly delayed. The example has been updated hourly since then.

You can use a schedule trigger [1] on GitHub Actions.

The whole gist is that the initial data can be injected into the static files during the build step, or even saved as separate JSON files that the app can load instead of reaching out to the API. As long as you're willing to refresh the static data from time to time, of course.

I created a basic example at https://schedbuild.pages.dev/ with a rough, manual implementation of a build step. Frameworks like Next.js offer a more sophisticated approach that can render the entire HTML, allowing users to load the static page with the initial data already rendered without JavaScript, and subsequent interactions taking over from there more seamlessly.

In my opinion this is a reasonable alternative to setting up a backend just for this.

[1] https://docs.github.com/en/actions/writing-workflows/choosin...


Could you just preload the next few entries before the user swipes?


Shameless plug for Magic Loops -- we run code in isolated MicroVMs and students love our lack of CORS enforcement, as the APIs they build can be easily integrated into their hackathon projects :)



That’s it!


Tell me more?


We built an LLM-based no-code "all-code" tool for non-developers to automate their daily tasks.

Counterintuitively, it's been picking up steam among student developers and professional devs due to how fast you can spin up API endpoints.

We're currently working to build on this momentum, and are now shifting focus to existing devs.

tl;dr - we use LLMs to create APIs that are run in Firecracker-based MicroVMs


Many platforms can enable proxying through their service to avoid CORS issues: https://pico.sh/pgs#proxy-to-another-service


Using Next.js with a serverless function acting as a proxy is pretty simple.


Don't you mean Node.js? I don't see why you would use a full Next.js framework for just a reverse proxy.


A great way to get around this is with an edge function from Deno Deploy.


Use the Firebase Cloud Functions free tier.



