ai generated solutions to our ai generated problems
@@ -85,8 +85,11 @@ Vehicle icon PNGs are served statically at `/vehicle-icons` from `VEHICLE_ICONS_
|
||||
(populated at deploy from `SHARED/ICONS/VEHICLES`).
|
||||
|
||||
The proxy blocks cross-origin/API-navigation requests, strips CORS headers from
|
||||
the upstream response, rate limits callers, and caches successful GET responses
|
||||
briefly so public page traffic does not hammer the upstream API. All responses
|
||||
the upstream response, rate limits callers, and caches successful GET responses.
|
||||
Public TSS reads are also written to a bounded JSON snapshot cache and served at
|
||||
both their `/api/tss/*` route and matching `/data/*` path. Fresh snapshots return
|
||||
without touching the backend; stale snapshots are served immediately while the
|
||||
server refreshes them in the background. All responses
|
||||
ship `X-Content-Type-Options`, `X-Frame-Options: DENY`, `Referrer-Policy`,
|
||||
`Permissions-Policy`, `Cross-Origin-Opener-Policy`, `Cross-Origin-Resource-Policy`,
|
||||
HSTS (over HTTPS), and HTML responses include a Content Security Policy that
|
||||
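Review bot: The new snapshot-cache sentences ("served at both their `/api/tss/*` route and matching `/data/*` path") do not say whether the `/data/*` path gets the same cross-origin blocking and rate limiting that the paragraph describes for the proxy. Please state that explicitly. It would also help to say what "bounded" means (entry count, bytes, or both) and which reads count as "public", so it is clear that no per-user or authenticated response can end up in a snapshot that is then served to other callers. Since stale snapshots are "served immediately", a sentence on what a caller gets once a snapshot is older than the stale limit would complete the description.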
@@ -109,6 +112,10 @@ Optional API protection tuning:
|
||||
|
||||
```sh
|
||||
API_CACHE_TTL_MS=15000
|
||||
PUBLIC_DATA_CACHE_DIR=~/tsswebstorage/public-data
|
||||
PUBLIC_DATA_CACHE_FRESH_MS=60000
|
||||
PUBLIC_DATA_CACHE_STALE_MS=86400000
|
||||
PUBLIC_DATA_PREWARM_INTERVAL_MS=60000
|
||||
API_RATE_LIMIT_WINDOW_MS=60000
|
||||
API_RATE_LIMIT_MAX=120
|
||||
```
|
||||
|
||||
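Review bot: `PUBLIC_DATA_CACHE_DIR=~/tsswebstorage/public-data` relies on `~` being expanded, which only happens when a shell evaluates the assignment; if the value is read from an env file or a service manager, the server would see a literal `~`. Suggest documenting an absolute path here, or noting that the server expands `~` itself if it does. The four new variables are also listed without a description: `PUBLIC_DATA_CACHE_STALE_MS=86400000` is 24 hours, so the README should say that data up to a day old can be served, and what `PUBLIC_DATA_PREWARM_INTERVAL_MS` prewarms. Finally, these are cache settings sitting under "Optional API protection tuning"; a separate heading or a renamed one would make them easier to find.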