From af817b2ad5412a28c740efb51a4c220db33a45cc Mon Sep 17 00:00:00 2001
From: Hypolite Petovan <hypolite@mrpetovan.com>
Date: Sun, 5 Apr 2020 18:02:38 -0400
Subject: [PATCH] Add cache and CORS headers to ActivityPub endpoints

---
 src/Module/Objects.php         | 2 ++
 src/Module/Profile/Profile.php | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index 0f2536bcc9..b5b5227141 100644
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -76,6 +76,8 @@ class Objects extends BaseModule
 		$data = ['@context' => ActivityPub::CONTEXT];
 		$data = array_merge($data, $activity['object']);
 
+		// Relaxed CORS header for public items
+		header('Access-Control-Allow-Origin: *');
 		System::jsonExit($data, 'application/activity+json');
 	}
 }
diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php
index bbf0da3821..6142648803 100644
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@@ -54,6 +54,8 @@ class Profile extends BaseProfile
 				// The function returns an empty array when the account is removed, expired or blocked
 				$data = ActivityPub\Transmitter::getProfile($user['uid']);
 				if (!empty($data)) {
+					header('Access-Control-Allow-Origin: *');
+					header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
 					System::jsonExit($data, 'application/activity+json');
 				}
 			}