Allow CORS
Ryuno-Ki opened this issue · 8 comments
Steps to reproduce (for example, from github.com):
jQuery.get("http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv").then(function(response) { console.log("response", response); });
Object { state: .Deferred/r.state(), always: .Deferred/r.always(), then: .Deferred/r.then(), promise: .Deferred/r.promise(), pipe: .Deferred/r.then(), done: Q.Callbacks/f.add(), fail: Q.Callbacks/f.add(), progress: Q.Callbacks/f.add() }
Content Security Policy: The page's settings blocked the loading of a resource at http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv ("connect-src https://github.com https://uploads.github.com https://status.github.com https://api.github.com https://www.google-analytics.com https://github-cloud.s3.amazonaws.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com wss://live.github.com").
Albeit this is CSP, it would be handy to have a way to request the data via XHR (aka "Ajax").
Therefore CORS must be enabled. This way I could write a client-side only JavaScript application which pulls the data in. JSONP would be fine, too.
As far as I understood CSP you would need to declare a website which is allowed access to http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv.
archive.luftdaten.info is only a nginx server and not the same server/application as feinstaub-api.
The blocking header is set by github.com.
The header Content-Security-Policy restricts the resources you can include. It should be possible to load the data files if your page is hosted on a server not sending this header.
Or if you can configure this header in this server.
Rajko
Am 24. März 2016 22:04:35 MEZ, schrieb "André Jaenisch" notifications@github.com:
Steps to reproduce (for example, from github.com):
jQuery.get("http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv").then(function(response) { console.log("response", response); }); Object { state: .Deferred/r.state(), always: .Deferred/r.always(), then: .Deferred/r.then(), promise: .Deferred/r.promise(), pipe: .Deferred/r.then(), done: Q.Callbacks/f.add(), fail: Q.Callbacks/f.add(), progress: Q.Callbacks/f.add() } Content Security Policy: The page's settings blocked the loading of a resource at http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv ("connect-src https://github.com https://uploads.github.com https://status.github.com https://api.github.com https://www.google-analytics.com https://github-cloud.s3.amazonaws.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com wss://live.github.com").Albeit this is CSP, it would be handy to have a way to request the data
via XHR (aka "Ajax").
Therefore
CORS
must be enabled. This way I could write a client-side only JavaScript
application which pulls the data in. JSONP would be fine, too.As far as I understood
CSP
you would need to declare a website which is allowed access to
http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv.
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#6
@mfa Is there a way to access those archive data through the feinstaub-API? (If possible, even anonymous)
@Ryuno-Ki nope, currently not as the data is generated on a dedicated server (archive.luftdaten.info) from a nightly db dump. The main API does not have to do anything with it (besides providing the dump)
It's not public as its a raw Postgres dump containing hashed passwords, session keys etc. It's generated with a cronjob and copied with scp to @mfa 's server
but I think you should be able to access the data as json via the /data endpoint for the public sensors ( https://api.luftdaten.info/v1/data/ ). It's not those csv files then, but should be the same data afaik.
Looks good. Thanks!