opendata-stuttgart/feinstaub-api

Allow CORS

Ryuno-Ki opened this issue · 8 comments

Steps to reproduce (for example, from github.com):

jQuery.get("http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv").then(function(response) { console.log("response", response); });
Object { state: .Deferred/r.state(), always: .Deferred/r.always(), then: .Deferred/r.then(), promise: .Deferred/r.promise(), pipe: .Deferred/r.then(), done: Q.Callbacks/f.add(), fail: Q.Callbacks/f.add(), progress: Q.Callbacks/f.add() }
Content Security Policy: The page's settings blocked the loading of a resource at http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv ("connect-src https://github.com https://uploads.github.com https://status.github.com https://api.github.com https://www.google-analytics.com https://github-cloud.s3.amazonaws.com https://api.braintreegateway.com https://client-analytics.braintreegateway.com wss://live.github.com").

Albeit this is CSP, it would be handy to have a way to request the data via XHR (aka "Ajax").
Therefore CORS must be enabled. This way I could write a client-side only JavaScript application which pulls the data in. JSONP would be fine, too.

As far as I understood CSP you would need to declare a website which is allowed access to http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv.

mfa commented

archive.luftdaten.info is only a nginx server and not the same server/application as feinstaub-api.

The blocking header is set by github.com.
The header Content-Security-Policy restricts the resources you can include. It should be possible to load the data files if your page is hosted on a server not sending this header.
Or if you can configure this header in this server.

Rajko

Am 24. März 2016 22:04:35 MEZ, schrieb "André Jaenisch" notifications@github.com:

Steps to reproduce (for example, from github.com):

jQuery.get("http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv").then(function(response)
{ console.log("response", response); });
Object { state: .Deferred/r.state(), always: .Deferred/r.always(),
then: .Deferred/r.then(), promise: .Deferred/r.promise(), pipe:
.Deferred/r.then(), done: Q.Callbacks/f.add(), fail:
Q.Callbacks/f.add(), progress: Q.Callbacks/f.add() }
Content Security Policy: The page's settings blocked the loading of a
resource at
http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv
("connect-src https://github.com https://uploads.github.com
https://status.github.com https://api.github.com
https://www.google-analytics.com https://github-cloud.s3.amazonaws.com
https://api.braintreegateway.com
https://client-analytics.braintreegateway.com wss://live.github.com").

Albeit this is CSP, it would be handy to have a way to request the data
via XHR (aka "Ajax").
Therefore
CORS
must be enabled. This way I could write a client-side only JavaScript
application which pulls the data in. JSONP would be fine, too.

As far as I understood
CSP

you would need to declare a website which is allowed access to
http://archive.luftdaten.info/2015-10-01/2015-10-01_ppd42ns_sensor_27.csv.


You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
#6

@mfa Is there a way to access those archive data through the feinstaub-API? (If possible, even anonymous)

@Ryuno-Ki nope, currently not as the data is generated on a dedicated server (archive.luftdaten.info) from a nightly db dump. The main API does not have to do anything with it (besides providing the dump)

@asmaps Can you point me to where the API provides the dump?

It's not public as its a raw Postgres dump containing hashed passwords, session keys etc. It's generated with a cronjob and copied with scp to @mfa 's server

but I think you should be able to access the data as json via the /data endpoint for the public sensors ( https://api.luftdaten.info/v1/data/ ). It's not those csv files then, but should be the same data afaik.

Looks good. Thanks!