This is a simple static html site. It uses javascript to request departures of the AVV public transport service in Augsburg. It uses the same calls as the official frontend hosted at https://efa.avv-augsburg.de/avv/XSLT_TRIP_REQUEST2.
The main request (to get departure data) is a POST request to https://efa.avv-augsburg.de/avv/XSLT_DM_REQUEST.
Since this endpoint doesn't have the access-control-allow-origin: *
set, it is proxied through one of my servers.
In addition to proxying I set the following headers:
access-control-allow-origin: *
This could also be set to only allow the origin where this html file is hosted