Wednesday, 2 September 2015

Why do eBay have an EPN feed, which is almost useless as it doesn't support CORS?!

I spent most of this morning trying to convert an eBay RSS URL generation function from PHP to JS. When I'd done, I discovered that making an AJAX request for the URL doesn't work, as eBay haven't implemented a Access-Control-Allow-Origin header to allow CORS. So all my work was wasted.

I probably should have checked that first. (Actually I think I may have tried this quite some time ago and discovered the same thing). This leaves me with not many options (which I probably discovered last time I looked at this):

Proxy requests through my own server
The js script is meant to be something that others can easily use to add ebay listings to their own site. Requiring them to configure their server to proxy requests makes it more difficult to use, not to mention slower and a drain on your server.
Get the data using PHP
This makes the script easier to use than requiring server configuration, but still not as simple as a js only solution. It requires more server resources than a simple proxy. It is also against the main reason I am writing this script - the idea is keep eBay listings on my site up to date while the pages are cached on the server. I can cache the eBay results, and then clear them every 10 minutes. But then why not instead just stick with my current solution, but ensure that pages containing eBay listings are purged from the cache every 10 minutes?
Insert the eBay Custom Banner js into a hidden div, then parse the generated HTML
This would present a js only solution (well, of course eBay's servers have to do some processing). However, it is extremely messy / hacky.
Use the eBay Developer API and JSONP
This requires that anyone wanting to use the script on their site signs up to the eBay Developers program. It allows for only 5000 requests per day.
Use a public proxy service that supports CORS
This means you're reliant on a third party service, that if hacked, could present you with malicious data. It could be unreliable or go offline forever. Speed could be an issue. Still, at the moment this seems like it may be the best solution. Or maybe allowing specifying your own proxy, but using a third party one as the default.

No comments: