You can impose a timeout on a fetch with a one liner:<p><a href="https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal/timeout_static" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/API/AbortSignal...</a><p>Part of the awkwardness in the post is also mixing what looks like express with promises. I think using an async function as the handler with express 5 would probably feel a lot nicer.<p>I agree about CORS being frustrating. I think we should have allowed totally anonymous fetch requests across domains for saved to home screen PWAs (or with a permission prompt.) Missing that feature means you end up needing native apps for a lot of things that otherwise are totally reasonable web apps. CORS does make sense though because the alternative is drive by attacks against your local network from random web pages. And since the S in IOT stands for security that seemed like a bad idea at the time.
I sympathize with the authors pain, and at least from the comments, it sounds like most have a similar view of CORS. Many weeks of face -> keyboard in response.<p>At some point trying to write JS, I really started believe that the people who implemented CORS did it just to break every single part of the world wide web that might ever be enjoyable.<p>It really felt like somebody held out a beautiful idea with AJAX, and requests lacking synchronization, and then the only response was endless exploits, security holes, patches that took away functionality, and posts like the authors. "This idea seems so simple...nevermind, 'Access-Control-Allow-Origin' ERROR"
There is another solution, in this specific case. If all they wanted is to start returning the test results before all the tests are done, a streaming http response can be used.<p>In Bottle, returning a generator or iterator will send the response in chucks, instead of all at once. The effect would be that the test results load in one by one, providing the user with feedback. No JavaScript needed.
> It was also getting harder and harder to debug as JavaScript has no timeout functionality I would have had to wrap that request in another promise.<p>I'm pretty sure you could use an AbortController to address this? But it's one of those things you have to know about. I <i>completely</i> understand the author's frustration with CORS, but I don't think JS is to blame here. I have felt a similar level of frustration whenever I try to use a language other than JS to work with JSON. Does that mean the language sucks? I would say no. I don't think this made a compelling case for avoiding JS, but I would never want to deny someone the catharsis from venting about technology.
(2020)<p>> Three days wasted. I should have just written the PHP script .<p>The good news is that any leading class LLM today would certainly be able to one-shot translation of the script from Python to PHP or create it in PHP.
CORS has killed a lot of my SPA ideas too. Also I've been toying with Svelte which I was told was a lightweight framework. But you still need npm to use it which generates dozens of other boilerplate files.<p>The JS ecosystem does indeed suck.
The JS Frameworks always feel fun to start with, but then I always end up realising how complex and flakey the tool chain is and switch to something simpler.<p>ASP.NET + alpine.js is my current happy place. If I need a JS lib then I get it from unpkg.com and avoid npm.<p>Then Docker on a Digital Ocean Container App is a really easy way to CI/CD.
> I feel like every time I look at JavaScript it’s different .<p>So much truth in this. It's amazing that JS has managed to survive (even thrive!) in spite of the constant fundamental backwards-breaking changes every few cycles. Maybe that speaks to the lack of web based alternatives than anything else.
I wonder what the environmental impact of CORS is, given that it is the sole reason to spin up a node proxy server every time it kills someone's dreams.
Trying to traverse the web landscape and/or getting out of one's comfort zone is of course a very valid incentive. But if one wants to "transforms a small Python utility" by "turning it into a web application", I believe more efficient paths could be tried.<p>Streamlit is not mentioned in the article, yet I can argue that is unbeatable and that by a large margin in how quick it is to get from a Python script to a decent, functioning web application.<p>In general, going one-language, full-stack (Vaadin, Streamlit etc..) is probably the right path for anyone who doesn't want do front-end but has to. IMHO of course.
I agree with your point of view; CORS will at least torment you for a while until you finally resolve it. With the help of GPT, I have at least tried 1. Vite proxy, 2. Java Spring WebMvcConfigurer CORS config, and 3. Nginx proxy... This is really exhausting.
Ah yes, another “this hammer is a terrible paintbrush!” blog post. Bonus points for the dig at node_modules bloat.<p>You can write a post like this about the frustrations of any language / tool / framework - just go in with random expectations and limited understanding - and when you encounter an obstacle don’t attempt to learn why it’s there.
Is there a way one can make a JS fetch() call and instruct browser to not send cookies etc, so CORS limitation won't be applied?<p>CORS is basically happening because of the sensitive data that browser sends by default, so if browser is not sending such info, then CORS also need not be applied
If you want a little more interactivity you could use SSE[0] to push results as they come back.<p>[0] <a href="https://developer.mozilla.org/en-US/docs/Web/API/Server-sent_events/Using_server-sent_events" rel="nofollow">https://developer.mozilla.org/en-US/docs/Web/API/Server-sent...</a> - I don't think Bottle supports this though; you might have to move to a different WSGI server.