Arch Linux

Please read this before reporting a bug:

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#69890 - Enable CORS to Arch Package API

Attached to Project: Arch Linux
Opened by Clemens (celloclemens) - Friday, 05 March 2021, 19:34 GMT
Last edited by Andreas Radke (AndyRTR) - Wednesday, 21 April 2021, 06:29 GMT
Task Type Feature Request
Category Web Sites
Status Assigned
Assigned To Jelle van der Waa (jelly)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No



It would be helpful to be able to access the package JSON API under and potentially others. At the moment the Access-Control-Allow-Origin header is missing, so the API cannot be accessed by XHR. I think it is unintentional that this is not possible, because the whole purpose of the API is to be accessible, isn't it? It can be enabled in nginx by simply adding "Access-Control-Allow-Origin: *" as a header. Thanks!
Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
Execute the following code in any JavaScript console in a non IE browser that is not on the same Origin as the API:
"", {
method: 'GET',
mode: 'cors',
headers: {
'Accept': 'application/json',
.then(response => response.json())
.then(json => console.log(json))
.catch(error =>
This task depends upon