diff --git a/package.json b/package.json index c868262..95c11c8 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "ted-open-data-explorer", - "version": "2.0.0", + "version": "2.0.1", "description": "TED Open Data Explorer — Bootstrap + Vanilla JS", "private": true, "type": "module", diff --git a/src/js/services/tedAPI.js b/src/js/services/tedAPI.js index cae8120..d2a0b70 100644 --- a/src/js/services/tedAPI.js +++ b/src/js/services/tedAPI.js @@ -20,16 +20,23 @@ import { normalize } from '../facets.js'; -// Production TED API for real deployments, acceptance for anywhere else -// (localhost, preview builds, staging). The acceptance instance holds the -// same schema but non-production data — safer for dev and exploration. -const TED_API_PRODUCTION = 'https://api.ted.europa.eu/v3'; -const TED_API_ACCEPTANCE = 'https://api.acceptance.ted.europa.eu/v3'; +// Always use the acceptance TED API. The production API +// (api.ted.europa.eu) does NOT include CORS headers for our deploy +// origin (docs.ted.europa.eu), so calling it from a browser-based app +// fails with a preflight error and the procedure timeline does not +// load. The acceptance API (api.acceptance.ted.europa.eu) does allow +// the cross-origin request and is what version 1.0.0 of this app used +// in production unconditionally. +// +// This restores parity with 1.0.0. A request has been filed with the +// TED API admins to enable CORS for docs.ted.europa.eu on the +// production API; once that lands, this can be flipped back to a +// per-host switch (see CORS_REQUEST.md at the repo root for the +// outgoing request and the conditions for re-enabling the switch). +const TED_API = 'https://api.acceptance.ted.europa.eu/v3'; function getTedApi() { - const host = window.location.hostname; - const isProduction = host === 'docs.ted.europa.eu' || host === 'data.ted.europa.eu'; - return isProduction ? TED_API_PRODUCTION : TED_API_ACCEPTANCE; + return TED_API; } const PROCEDURE_NOTICE_LIMIT = 249; const NOTICE_LOOKUP_LIMIT = 10;