Enable CORS on API

[Aaron Powell]

I'm wanting to create a Windows 8 Pinboard app using the HTML/ JS dev capabilities but since this really just runs as a browser querying the API happens at a browser level so it's subjected to the standard browser security. This means that to query the API I'd need Cross-Origin Resource Sharing (CORS) enabled. More information about CORS can be found here: http://enable-cors.org/

[Les Orchard]

On Wednesday, July 11, 2012 6:14:57 PM UTC-4, Adam Baxter wrote:

Count me in on this one - note that extra headers and an explicit Access-Control-Allow-Origin: are needed for authenticated requests.

Wondering if this might be a possibility in the future? This would be great for both the API and the RSS / JSON feeds.

All it would really take for the feeds is to slap this header on HTTP GET responses (ie. for feeds):

Access-Control-Allow-Origin: *

POST and other HTTP verbs are a more complicated story, but not much more.

[Michael Trouw]

Well what the hell. Here i am, after having search high and low for an app with which i can manage my 1300+ ridiculous amount of bookmarks on Pinboard.in because there is no way to do that on Pinboard.in except one by one. I could not find anything good so i set out to make my own little app for that. But now i am running into the same CORS problem these guys are mentioning. Can this please be added, it should require NO effort at all...

On Sunday, April 21, 2013 2:39:07 AM UTC+2, Nelson Chen wrote:

Count me in for this request. It would make API calls much easier. 

[Stephen Darlington]

Out of curiosity (and as the author of Yummy, an iOS client for Pinboard and Delicious), what do you mean by "manage" your bookmarks? What kind of "batch" operations would you want to perform on them?

--
You received this message because you are subscribed to the Google Groups "Pinboard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pinboard-dev...@googlegroups.com.
To post to this group, send email to pinboa...@googlegroups.com.
Visit this group at http://groups.google.com/group/pinboard-dev.
For more options, visit https://groups.google.com/groups/opt_out.

------------------------------------------------------------------------

                    Stephen Darlington (www.zx81.org.uk)

"I had a date once. It was the 11th of November"

------------------------------------------------------------------------

[maciej]

I'm also curious to hear specifics about this.  And I'd like to understand why people want CORS support (specific use cases).  It's not the effort I object to, it's enabling a very permissive setting without understanding the use scenario.

For what it's worth, I tend to look at the API as a programmatic way of interacting with the website from within code, and not as a web-friendly substrate to build browser apps on top of.

[Michael Trouw]

Huh, i replied yesterday to this but it does not show in google groups? quick test 1.2.3.

[Michael Trouw]

Ah, so something must have gone wrong the other day.

Sorry for the late reply, i will elaborate my use case: I have, when i first started using Pinboard, imported all my google chrome / firefox bookmarks (~1200 ish. i know, insane.).

I love the idea of having bookmarks in a centrally located place 'unbound' to any application. However, now i want to sort / filter / manage / delete all those bookmarks.

But, i am certainly not going to do this using the Pinboard 1-by-1 editing functionality. So i started looking for applications in which i can do this: i could not find any. Allmost all of them have individual editing, why??

So my idea was to use batch-editing, functional style reduction (apply filters: stale, amount of visits, for example) on a set of bookmarks (can be all, can be a specific tag, f.e.)
And THEN batch edit them. batch edit being that i can see multiple bookmarks at the same time, and choose to edit them (inline) or remove them. That way i can much more quickly reduce my insane amount of bookmarks to a more sane amount :)

Then, to address Maciej's (i presume the author of Pinboard? :>) remark:

I don't see that it matters what one does with an API: does it matter if one makes a true, native application or a webapplication? if so, why?
I just wanted to create a webapplication because i know how i can fairly rapidly create and deploy one, as proof of concept. What is the major point against enabling CORS, if i may ask on my turn? are there fears that someone will entirely recreate Pinboard and thus making Pinboard more of a database backend? if so that is not my plan, i just want to create a tool for my own use-case because i cannot find any reasonable other tools for this out there.

Thanks!

P.S. the idea for the 'stale' detection is not mine, credits to these guys (this also illustrates the need for a free, well built bookmark management application):
https://github.com/jparise/stale
https://gist.github.com/codatory/3111640

Michael.

On Monday, February 17, 2014 9:01:45 PM UTC+1, maciej wrote:

[Michael Trouw]

I forgot to say that i am now looking into making a slick app in either:

- Adobe AIR + Starling + Feathers, or:

- Python, using Requests + Kivy.

I have more experience with the first, however i'd like a challenge so i'm thinking going the Pythonic way.

Michael.

[Michael Trouw]

Here is a quick mockup i've juist built that illustrates what i would want to do, one screen, listing a load of bookmarks, by search and/or tags, filtered by additional filters:

https://www.dropbox.com/s/ma0eads2pbono2z/Screenshot%202014-03-13%2021.42.32.png

Maybe i have not been searching good enough and something like this exists? But even then, is it free? i'd like to contribute to the pinboard 'universe' by making this open source + free.

[Alex Kessinger]

I want CORS so that I can create a client-side browser app that can interact with the API just like an iOS, or Desktop app can. Although, because all API requests are GET requests you could also support jsonp and you would effectively enable the same behavior.

For those interested I found this heroku app https://github.com/aaronpowell/pinboard-bridge that you can probably setup for your self to give yourself CORS access.

Also, as a person who until recently had 15k+ bookmarks I found that the organize view suited my needs for doing large bulk operations.

[Michael Trouw]

Is it maybe exactly because all API requests are GET requests that Maciej does not want to add CORS / JSONP capabilities?

[alex kessinger]

Being GET requests, if you have a users credentials you can just insert script tags, or IMG tags to reek havoc. Adding jsonp, or CORS just makes it possible to build legit apps as well. 

You received this message because you are subscribed to a topic in the Google Groups "Pinboard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pinboard-dev/RtyJC1Gm67E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pinboard-dev...@googlegroups.com.

To post to this group, send email to pinboa...@googlegroups.com.
Visit this group at http://groups.google.com/group/pinboard-dev.

For more options, visit https://groups.google.com/d/optout.

[Michael Trouw]

Exactly my point: adding JSONP / CORS capabilities makes it possible to build webapps with the Pinboard API but those webapps will be easier to reek havoc with.
Non-browser dependant applications do not need JSONP / CORS but it is also much harder to inject stuff / script tags etc., because they are binaries.

To unsubscribe from this group and all its topics, send an email to pinboard-dev+unsubscribe@googlegroups.com.

[maciej]

Yeah, that's one excellent reason I don't want to do it.

The other is that I don't want alternative web front-ends to Pinboard. Everyone should have to suffer alike!

[alex kessinger]

Well, settles that one. Heroku it is. 

You received this message because you are subscribed to a topic in the Google Groups "Pinboard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/pinboard-dev/RtyJC1Gm67E/unsubscribe.
To unsubscribe from this group and all its topics, send an email to pinboard-dev...@googlegroups.com.

To post to this group, send email to pinboa...@googlegroups.com.
Visit this group at http://groups.google.com/group/pinboard-dev.

For more options, visit https://groups.google.com/d/optout.

[ge]

Maybe that's a joke, but I don't find it funny. 

I imported a lot of bookmarks from delicious and, as I remember, google reader, and there are hundreds of stupid tags that I didn't put in manually.  I would love a way to consolidate my tags, rename, merge, etc.  Delicious had a good tool for that.  Why not let someone create one if you won't?

[Anders Thoresson]

I imported a lot of bookmarks from delicious and, as I remember, google reader, and there are hundreds of stupid tags that I didn't put in manually.  I would love a way to consolidate my tags, rename, merge, etc.  Delicious had a good tool for that.  Why not let someone create one if you won't?

If it's just tags you want to bulk-edit, Pinboard already has support for that: The Edit-button at the top of each page. Filter so that only bookmarks with the tag you want to edit are shown, select edit, mark all pages, add the new tag and remove the old one. 

I do this all the time. In my workflow I've different tags for different stages in my process.

/Anders

[maciej]

Enabling CORS has security implications that I don't fully understand, so I'm leaving it in the off position.

You're welcome to write any tool you want and run a browser without CORS enforcement to use it. Or write the tool and pass the requests through a backend server.  Or write a browser plug-in. But I can't turn on the scary setting for you.

[Michael Trouw]

Affirmative, roger that!

Already started work on an Adobe AIR app using Starling + Feathers. Stale check already working. P.S. Anders Thoresson nice tip! that means that i do not have to create this feature. i'll open up a new thread if and when it is finished, haha.

Michael

P.S. roughly looking like this now:  https://www.dropbox.com/s/6hejrwh4swbxhrm/Screen%20Shot%202014-03-16%20at%2022.06.22%20pm.png