Add 'Access-Control-Allow-Origin' header to the resources requested via API

[annapawlicka]

When I make an ajax GET request, I see this error:

XMLHttpRequest cannot load https://clojars.org/stats/all.edn. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

Asking for format=jsonp returns plain json so the only workaround seems to be using a proxy where my server would make a request to clojars while my application would make a request to my server. I'd like to avoid that since the application is so tiny it doesn't need a server.

Is there any chance the make the API respond with Access-Control-Allow-Origin header?

[danielcompton]

@annapawlicka are you only looking for it for /stats?

[tobias]

I think this would be appropriate on /stats, /api, /search, and any of the /latest-version routes, since they all produce public json data.

@danielcompton thanks for jumping in :)

[annapawlicka]

what @tobias said :)

[thiagofm]

Will work on that. 👍

[tobias]

Great, thanks @thiagofm. Feel free to ping me if you have any issues or questions.

[tobias]

Reopening, since we don't yet have it for stats. That will need to be added to the nginx config.

[tobias]

nginx config for /stats updated with:

add_header Access-Control-Allow-Origin *;