ai generated solutions to our ai generated problems
This commit is contained in:
@@ -86,12 +86,12 @@ Vehicle icon PNGs are served statically at `/vehicle-icons` from `VEHICLE_ICONS_
|
||||
|
||||
The proxy blocks cross-origin/API-navigation requests, strips CORS headers from
|
||||
the upstream response, rate limits callers, and caches successful GET responses.
|
||||
Public TSS reads are written to a bounded JSON snapshot cache and served at both
|
||||
their `/api/tss/*` route and matching `/data/*` path. The frontend uses `/data/*`
|
||||
by default for public pages. Fresh snapshots return without touching the backend;
|
||||
stale snapshots are served immediately while the server refreshes them in the
|
||||
background. Missing `/data/*` snapshots are filled from the matching upstream API
|
||||
with a short timeout, then written atomically for future requests. All responses
|
||||
Public TSS reads are written to a bounded JSON snapshot cache and served through
|
||||
their normal `/api/tss/*` route. Fresh snapshots return without touching the
|
||||
backend; stale snapshots are served immediately while the server refreshes them
|
||||
in the background. Matching `/data/*` paths are also available for diagnostics or
|
||||
static-first experiments, but the frontend uses `/api/tss/*` by default so the
|
||||
site stays dynamic. All responses
|
||||
ship `X-Content-Type-Options`, `X-Frame-Options: DENY`, `Referrer-Policy`,
|
||||
`Permissions-Policy`, `Cross-Origin-Opener-Policy`, `Cross-Origin-Resource-Policy`,
|
||||
HSTS (over HTTPS), and HTML responses include a Content Security Policy that
|
||||
@@ -119,7 +119,7 @@ PUBLIC_DATA_CACHE_FRESH_MS=300000
|
||||
PUBLIC_DATA_CACHE_STALE_MS=86400000
|
||||
PUBLIC_DATA_PREWARM_INTERVAL_MS=300000
|
||||
PUBLIC_DATA_COLD_TIMEOUT_MS=8000
|
||||
VITE_STATIC_DATA=true
|
||||
VITE_STATIC_DATA=false
|
||||
VITE_SITE_GATE=false
|
||||
API_RATE_LIMIT_WINDOW_MS=60000
|
||||
API_RATE_LIMIT_MAX=120
|
||||
|
||||
Reference in New Issue
Block a user