fix(activitypub): allow cors on get requests for routes exposing acitivitypub objects

2026-04-11 18:56:42 +02:00 · 2022-02-05 10:57:02 +00:00 · 2022-02-05 10:57:02 +00:00 · 2f2480998f
commit 2f2480998f
parent 412cf14604
6 changed files with 74 additions and 20 deletions
--- a/modules/Fediverse/Controllers/ActivityPubController.php
+++ b/modules/Fediverse/Controllers/ActivityPubController.php
@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright  2021 Podlibre
+ * @license    https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
+ * @link       https://castopod.org/
+ */
+
+namespace Modules\Fediverse\Controllers;
+
+use CodeIgniter\Controller;
+use CodeIgniter\HTTP\Response;
+
+class ActivityPubController extends Controller
+{
+    /**
+     * @noRector ReturnTypeDeclarationRector
+     */
+    public function preflight(): Response
+    {
+        return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
+            ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
+            ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
+            ->setHeader('Access-Control-Max-Age', '86400')
+            ->setHeader('Cache-Control', 'public, max-age=86400')
+            ->setStatusCode(200);
+    }
+}