ai generated solutions to our ai generated problems

This commit is contained in:
2026-06-20 00:43:44 +01:00
parent fb773489f5
commit 22bff51147
7 changed files with 218 additions and 35 deletions
+7 -7
View File
@@ -86,12 +86,12 @@ Vehicle icon PNGs are served statically at `/vehicle-icons` from `VEHICLE_ICONS_
The proxy blocks cross-origin/API-navigation requests, strips CORS headers from
the upstream response, rate limits callers, and caches successful GET responses.
Public TSS reads are written to a bounded JSON snapshot cache and served at both
their `/api/tss/*` route and matching `/data/*` path. The frontend uses `/data/*`
by default for public pages. Fresh snapshots return without touching the backend;
stale snapshots are served immediately while the server refreshes them in the
background. Missing `/data/*` snapshots are filled from the matching upstream API
with a short timeout, then written atomically for future requests. All responses
Public TSS reads are written to a bounded JSON snapshot cache and served through
their normal `/api/tss/*` route. Fresh snapshots return without touching the
backend; stale snapshots are served immediately while the server refreshes them
in the background. Matching `/data/*` paths are also available for diagnostics or
static-first experiments, but the frontend uses `/api/tss/*` by default so the
site stays dynamic. All responses
ship `X-Content-Type-Options`, `X-Frame-Options: DENY`, `Referrer-Policy`,
`Permissions-Policy`, `Cross-Origin-Opener-Policy`, `Cross-Origin-Resource-Policy`,
HSTS (over HTTPS), and HTML responses include a Content Security Policy that
@@ -119,7 +119,7 @@ PUBLIC_DATA_CACHE_FRESH_MS=300000
PUBLIC_DATA_CACHE_STALE_MS=86400000
PUBLIC_DATA_PREWARM_INTERVAL_MS=300000
PUBLIC_DATA_COLD_TIMEOUT_MS=8000
VITE_STATIC_DATA=true
VITE_STATIC_DATA=false
VITE_SITE_GATE=false
API_RATE_LIMIT_WINDOW_MS=60000
API_RATE_LIMIT_MAX=120