NVD API CORS Errors
YanWittmann opened this issue · comments
Initially, when the web application was developed, the fetch-requests to the NVD 2.0 API endpoints worked almost flawlessly every time (under the constraints of the request limit of 1 request per 6 seconds).
Now, it seems almost impossible for the requests to pass through the CORS of the NVD API, with each request failing:
![Screenshot 2024-02-26 at 09 49 16](https://private-user-images.githubusercontent.com/37689635/307721243-ff15f9d5-fddf-4129-b076-148241275f4d.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MjA1MTkxNDUsIm5iZiI6MTcyMDUxODg0NSwicGF0aCI6Ii8zNzY4OTYzNS8zMDc3MjEyNDMtZmYxNWY5ZDUtZmRkZi00MTI5LWIwNzYtMTQ4MjQxMjc1ZjRkLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA3MDklMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNzA5VDA5NTQwNVomWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTlmNGQ0MjcyZjAzZWJjZmQxZDliOWI3YzAyYjBiNzRiMDQyZjljNThlZTdkMTAyYzIyNmJmZTA2NjAxYTk1ZTUmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.tyPcdxYbiuFXBxKY-XgqoE3INbDDLjyTkIvC0VWAV7E)
This is a weird behavior that I would not expect. This issue will attempt to find a solution for this.
It appears that when using the older XMLHttpRequests
instead of the fetch
API, the requests pass through much more consistently.
This actually seems to be the case. I can confirm that I have a significantly higher success rate with the XMLHttpRequest
. I'm not sure why though - I thought the fetch API did everything the XMLHttpRequests do, but better?
Maybe it is just that - they do more. Maybe it's the pre-flight OPTIONS request? Maybe it's the NVD 2.0 API that just rejects requests from the fetch API? I can't say that for certain.
I can consistently fetch the vectors now using the technique explained above.