Cooked!

🧪 DEVLOG — “Cooked: From CORS Hell to Actual Food Crimes”

Date: 27 Jan 2026
Project: Cooked 🍳
Status: WORKING (text + image)

What I built

I built a cursed AI cooking app that generates fake, unhinged dishes and AI images of them. The frontend is pure HTML/CSS/JS, and the backend is a Cloudflare Worker that proxies HackAI requests.

The main problem

Calling HackAI directly from the browser caused:

TypeError: Failed to fetch

CORS blocks

API key exposure

Image endpoints completely refusing to work

Basically: browser security vs my ambitions 💀

The fix (big brain moment)

I moved ALL AI calls server-side using a Cloudflare Worker:

Frontend → Worker (safe, CORS-free)

Worker → HackAI (API key hidden)

Text uses /chat/completions

Images use /images/generations

The Worker:

Handles CORS preflight (OPTIONS)

Injects the API key securely

Normalizes responses to valid JSON (even when HackAI fails)

Exposes two routes:

/ → text generation

/image → image generation (base64 PNG)

Final architecture
Browser (index.html + script.js)
↓
Cloudflare Worker (API proxy)
↓
HackAI (Qwen + Gemini Image)

Result

✅ No CORS errors

✅ No API key in frontend

✅ Text + image generation works

✅ App runs over localhost or deployed static hosting

✅ Feels illegal but is actually correct

Lessons learned

Browsers hate secrets (fair)

Image gen ≠ chat completions

Workers are mandatory for real AI apps

“Failed to fetch” usually means “you forgot CORS”

Overall: cooked, but successfully 🍳🔥

🍳 Cooked — Devlog (Extension Phase)

I originally built Cooked as a browser extension. The idea was simple: click the extension, press COOK, and instantly get a cursed AI-generated recipe. No tabs, no setup, just chaos.

The extension used Manifest V3 with a popup UI (popup.html, popup.css, popup.js). The design was intentionally minimal and terminal-styled: black background, green text, and a element to display AI output. Buttons included COOK and MAKE IT WORSE, and API keys were stored using chrome.storage.local.

Functionally, everything worked. The AI calls succeeded, state was preserved, and the logic was solid.

The real problems came from the popup UI constraints. Chrome extension popups have fixed size limits and do not scale well with dynamic content. Long AI responses were often cut off or cramped, even with scrolling enabled. Styling became a constant fight, requiring hard-coded widths, heights, and overflow hacks just to keep things readable.

Debugging was also slower than expected. Every small change required reloading the extension, reopening the popup, and re-testing. Missing a required permission (like “storage”) caused silent failures that were hard to track down.

Eventually, it became clear that the extension format wasn’t suited for long, expressive AI output. The core value of Cooked is the content itself, and the popup container was limiting that experience.

This phase wasn’t a failure—it clarified the constraints of extension UIs and led to a better architectural decision later.