Replace Access-Control-Allow-Origin: * with shared getCorsHeaders()
across 20 API edge functions to restrict access to worldmonitor.app,
tech.worldmonitor.app, and authorized Vercel preview URLs.
Version bump to 2.2.5 across package.json, tauri.conf.json, Cargo.toml.
- Extract close price arrays from Yahoo Finance chart API for indices/commodities
- Switch CoinGecko crypto fetch to /coins/markets endpoint with 7d sparkline data
- Render inline SVG sparklines color-coded green/red by price direction
- Fix Vite dev proxy for CoinGecko (was hitting root instead of /api/v3/simple/price)
- Add endpoint=markets support to CoinGecko edge function
- Fix earthquakes API URL to use /api/earthquakes proxy (was 404)
- Add in-memory caching to CoinGecko proxy (2 min TTL)
- Return cached data on 429 rate limit instead of error
- Increase Cache-Control to 120s with stale-while-revalidate
- Add /api/yahoo-finance.js for stock quotes
- Add /api/coingecko.js for crypto prices
- Add /api/polymarket.js for prediction markets
- Add /api/rss-proxy.js for RSS feeds (with domain allowlist)
- Add /api/earthquakes.js for USGS data
- Update feeds.ts to use direct URLs with RSS proxy
- Simplify proxy.ts (no external CORS proxy needed)
- Update earthquakes.ts and polymarket.ts to use new endpoints
Eliminates dependency on unreliable third-party CORS proxy.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
