Merge pull request #10428 from annando/cors
Set CORS header fields to support Halcyon
commit
9cd642abbc
2 changed files with 29 additions and 7 deletions
|
@ -265,17 +265,35 @@ class Module
|
||||||
$logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
|
$logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb
|
||||||
|
if (substr($_REQUEST['pagename'] ?? '', 0, 12) == '.well-known/') {
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Access-Control-Allow-Headers: *');
|
||||||
|
header('Access-Control-Allow-Methods: ' . Router::GET);
|
||||||
|
header('Access-Control-Allow-Credentials: false');
|
||||||
|
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 8) == 'profile/') {
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Access-Control-Allow-Headers: *');
|
||||||
|
header('Access-Control-Allow-Methods: ' . Router::GET);
|
||||||
|
header('Access-Control-Allow-Credentials: false');
|
||||||
|
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 4) == 'api/') {
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Access-Control-Allow-Headers: *');
|
||||||
|
header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
|
||||||
|
header('Access-Control-Allow-Credentials: false');
|
||||||
|
header('Access-Control-Expose-Headers: Link');
|
||||||
|
} elseif (substr($_REQUEST['pagename'] ?? '', 0, 11) == 'oauth/token') {
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Access-Control-Allow-Headers: *');
|
||||||
|
header('Access-Control-Allow-Methods: ' . Router::POST);
|
||||||
|
header('Access-Control-Allow-Credentials: false');
|
||||||
|
}
|
||||||
|
|
||||||
// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
|
// @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
|
||||||
// @todo Check allowed methods per requested path
|
// @todo Check allowed methods per requested path
|
||||||
if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
|
if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
|
||||||
header('HTTP/1.1 204 No Content');
|
header('HTTP/1.1 204 No Content');
|
||||||
header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
|
header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
|
||||||
// Deactivated until we know about possible side effects
|
|
||||||
// header('Access-Control-Allow-Credentials: true');
|
|
||||||
// header('Access-Control-Allow-Headers: Authorization,Content-Type');
|
|
||||||
// header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
|
|
||||||
// header('Access-Control-Allow-Origin: ' . DI::baseUrl());
|
|
||||||
// header('Access-Control-Max-Age: 86400');
|
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
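Review bot: `Access-Control-Allow-Credentials: false`, sent in all four new branches, is not a defined value for that header. The only meaningful value is `true`, and credentials are refused by leaving the header out, so those four lines can be dropped. Separately, the `*` in `Access-Control-Allow-Headers` does not cover `Authorization` under the Fetch specification, so a browser client sending a bearer token to `api/` or `oauth/token` may still fail its preflight; naming it explicitly, `header('Access-Control-Allow-Headers: *, Authorization');`, avoids that. The enclosing method starts and ends outside the hunk, so how `pagename` relates to the route actually dispatched is not visible here.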
|
@ -44,10 +44,14 @@ class Relationships extends BaseApi
|
||||||
'id' => [],
|
'id' => [],
|
||||||
]);
|
]);
|
||||||
|
|
||||||
if (empty($request['id']) || !is_array($request['id'])) {
|
if (empty($request['id'])) {
|
||||||
DI::mstdnError()->UnprocessableEntity();
|
DI::mstdnError()->UnprocessableEntity();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!is_array($request['id'])) {
|
||||||
|
$request['id'] = [$request['id']];
|
||||||
|
}
|
||||||
|
|
||||||
$relationsships = [];
|
$relationsships = [];
|
||||||
|
|
||||||
foreach ($request['id'] as $id) {
|
foreach ($request['id'] as $id) {
|
||||||
|
|
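Review bot: After the new wrapping step the elements of `$request['id']` are still exactly what the client sent, so a nested array or a non-numeric string can reach the loop as `$id`. A guard at the top of the loop, `if (!is_scalar($id)) { DI::mstdnError()->UnprocessableEntity(); }`, would reject those before any lookup. The number of ids is also unbounded at this point, which may be worth capping. The loop body is outside the hunk, so whether it already casts or validates `$id` cannot be confirmed from here.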