add function to handle redirection of xsl schemas

[poshul]

Add some edge logic to handle redirects to the xsls without involving a 301 response. Necessary to load our internal xml types with modern browsers which are picky about CORS.

Summary by CodeRabbit

• New Features
  • Added support for proxying XML resources (stylesheets and schemas) with proper content-type handling and cross-origin access control, enabling external resource integration.

[netlify]

✅ Deploy Preview for openms ready!

Name	Link
🔨 Latest commit	7a952fe
🔍 Latest deploy log	https://app.netlify.com/projects/openms/deploys/69e9e304d2dbfa00089355bd
😎 Deploy Preview	https://deploy-preview-261--openms.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[coderabbitai]

Warning

Rate limit exceeded

@poshul has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 24 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 29 minutes and 24 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d9283cb7-96d6-4203-86a2-7f42a60a82d1

📥 Commits

Reviewing files that changed from the base of the PR and between e6d8905 and 7a952fe.

📒 Files selected for processing (2)

• .netlify/functions/edge-functions/xml-proxy.ts
• netlify.toml

📝 Walkthrough

Walkthrough

A new Netlify Edge Function is added that proxies XML-related requests for stylesheet and schema files to OpenMS GitHub repositories. The handler matches request paths, rewrites them to upstream URLs, fetches the content with appropriate headers, and returns responses with CORS and Content-Type headers set accordingly.

Changes

Cohort / File(s)

Summary

XML Proxy Edge Function .netlify/functions/edge-functions/xml-proxy.ts

New edge function that intercepts requests to /xml-stylesheet/* and /xml-schema/* paths, proxies them to OpenMS GitHub raw repositories, rewrites paths, sets CORS headers (Access-Control-Allow-Origin, Vary, Access-Control-Allow-Methods), and dynamically sets Content-Type based on file type (text/xsl; charset=utf-8 for stylesheets, application/xml; charset=utf-8 for .xsd schemas). Includes error handling for upstream failures.

Poem

🐰 Whiskers twitching with joy:

A proxy hops through XML trees,
Fetching stylesheets on the breeze,
CORS headers set just right,
OpenMS repos shining bright! ✨

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding a function to handle XSL schema redirects, which aligns with the code that proxies XML-related requests.
Description check	✅ Passed	The description provides context about the purpose (handling redirects without 301 responses for CORS compliance) but doesn't follow the repository's template structure with explicit sections.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch add_edge_xsls

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.netlify/functions/edge-functions/xml-proxy.ts:
- Around line 26-28: The current fetch call (fetch(upstream, { headers... })
producing upstreamRes) always issues a GET, causing incorrect behavior for
OPTIONS/HEAD and unhandled network errors; update request handling to
short-circuit OPTIONS by immediately returning a response with the CORS headers
and allowed methods (GET, HEAD, OPTIONS), for HEAD requests call fetch with
method: "HEAD" instead of default GET, and wrap the upstream fetch in try/catch
so network failures return a controlled Response with 502 status and the same
CORS headers; ensure the same CORS header set used elsewhere is applied to the
OPTIONS response, the HEAD proxy response and the 502 error response.
- Around line 4-20: The handler (export default async (request: Request))
currently slices the raw path into rest and appends it to the GitHub upstream
without validation; instead, split the suffix (rest) into path segments, decode
each segment with decodeURIComponent, and reject (return a 400/appropriate
error) if any segment is empty, "." or ".." or contains encoded slashes (e.g.,
percent-encoded '/' detected) before constructing upstream; apply this check in
both branches that set upstream (the blocks that compute rest for
"/xml-stylesheet/" and "/xml-schema/") so only validated, normalized segments
are joined into the fixed XSL/ or SCHEMAS/ URL.
- Around line 57-59: The edge function is defined with export const config
(config.path = ["/xml-stylesheet/*", "/xml-schema/*"]) but is located in a
non-discovered directory; either move this file into the Netlify default edge
functions directory so Netlify will discover export const config and the
handler, or explicitly configure Netlify to look in the current directory by
adding the build edge_functions setting to netlify.toml (set the edge_functions
path to the directory containing this file) so Netlify can load the edge
function.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: f4ef979d-8f06-45c9-8874-9b927bdc3640

📥 Commits

Reviewing files that changed from the base of the PR and between ad169e4 and e6d8905.

📒 Files selected for processing (1)

• .netlify/functions/edge-functions/xml-proxy.ts