From 58a513cb30a99c745ab500355c9519d5ee5dc4db Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 9 Jun 2021 07:27:42 +0000
Subject: [PATCH 1/3] Support HTTP OPTIONS requests
---
 src/App/Module.php | 10 ++++++++++
 src/App/Router.php | 12 +++++++-----
 2 files changed, 17 insertions(+), 5 deletions(-)
diff --git a/src/App/Module.php b/src/App/Module.php
index 7ad4261aa6..8cc4dd7109 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -265,6 +265,16 @@ class Module
 $logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
 }

+ if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
+ header('HTTP/1.1 204 No Content');
+ header('access-control-allow-credentials: true');
+ header('access-control-allow-headers: Authorization,Content-Type');
+ header('access-control-allow-methods: ' . implode(',', Router::ALLOWED_METHODS));
+ header('access-control-allow-origin: *');
+ header('access-control-max-age: 86400');
+ exit();
+ }
+
 $placeholder = '';

 $profiler->set(microtime(true), 'ready');
diff --git a/src/App/Router.php b/src/App/Router.php
index c18c048eaa..82c493baa6 100644
--- a/src/App/Router.php
+++ b/src/App/Router.php
@@ -44,11 +44,12 @@ use Friendica\Network\HTTPException;
 */
 class Router
 {
- const DELETE = 'DELETE';
- const GET = 'GET';
- const PATCH = 'PATCH';
- const POST = 'POST';
- const PUT = 'PUT';
+ const DELETE = 'DELETE';
+ const GET = 'GET';
+ const PATCH = 'PATCH';
+ const POST = 'POST';
+ const PUT = 'PUT';
+ const OPTIONS = 'OPTIONS';

 const ALLOWED_METHODS = [
 self::DELETE,
@@ -56,6 +57,7 @@ class Router
 self::PATCH,
 self::POST,
 self::PUT,
+ self::OPTIONS
 ];

 /** @var RouteCollector */
From c9b66d6e28b1f3832d17fa31d00d3c6b689e2843 Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 9 Jun 2021 07:42:23 +0000
Subject: [PATCH 2/3] Deactivate CORS related headers
---
 src/App/Module.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)
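Review bot: In the `src/App/Module.php` hunk of PATCH 1/3 the preflight reply combines `access-control-allow-origin: *` with `access-control-allow-credentials: true`, and it does so for every request path. Browsers reject a wildcard origin on requests made with credentials, so the credentials header has no effect as written, and the usual workaround of echoing the request's Origin would let any site read authenticated responses. PATCH 2/3 of this series comments the headers out; if they return, the origin should be matched against a configured allow-list and the reply should carry `Vary: Origin`. The enclosing method starts and ends outside the hunk.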
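Review bot: `self::OPTIONS` is the only entry of `ALLOWED_METHODS` without a trailing comma in the second `src/App/Router.php` hunk; `self::OPTIONS,` keeps the list uniform and makes the next addition a one-line diff. The list is now also what `Module.php` advertises to clients in its OPTIONS reply, so a comment on the constant such as `// Methods the router accepts; also advertised in replies to OPTIONS requests` would record that coupling. How else the list is used is outside the visible hunks.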
diff --git a/src/App/Module.php b/src/App/Module.php
index 8cc4dd7109..4c61b44559 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -267,11 +267,13 @@ class Module

 if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
 header('HTTP/1.1 204 No Content');
- header('access-control-allow-credentials: true');
- header('access-control-allow-headers: Authorization,Content-Type');
- header('access-control-allow-methods: ' . implode(',', Router::ALLOWED_METHODS));
- header('access-control-allow-origin: *');
- header('access-control-max-age: 86400');
+ header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
+ // Deactivated until we know about possible side effects
+ // header('Access-Control-Allow-Credentials: true');
+ // header('Access-Control-Allow-Headers: Authorization,Content-Type');
+ // header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
+ // header('Access-Control-Allow-Origin: ' . DI::baseUrl());
+ // header('Access-Control-Max-Age: 86400');
 exit();
 }

From 4706d60b04466077c6191f53cea82a46d0ec2221 Mon Sep 17 00:00:00 2001
From: Michael
Date: Wed, 9 Jun 2021 07:44:19 +0000
Subject: [PATCH 3/3] Added documentation
---
 src/App/Module.php | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/App/Module.php b/src/App/Module.php
index 4c61b44559..b2cc8210e3 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -265,6 +265,8 @@ class Module
 $logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
 }

+ // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
+ // @todo Check allowed methods per requested path
 if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
 header('HTTP/1.1 204 No Content');
 header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
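Review bot: The commented-out block in the PATCH 2/3 hunk would send `Access-Control-Allow-Origin: ' . DI::baseUrl()` together with `Access-Control-Allow-Credentials: true` if someone simply uncomments it. That value names the node's own address, which same-origin requests never need, and if `DI::baseUrl()` can carry a path (not visible here) it would not be a valid origin at all. Rather than keeping dead code, I would replace the five lines with a comment stating the conditions, e.g. `// CORS headers are intentionally not sent: enabling them needs a configured origin allow-list, no wildcard together with credentials, and "Vary: Origin"`. The enclosing method starts and ends outside the hunk.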
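Review bot: The `@todo` added in PATCH 3/3 understates what the branch currently does: it sits after the page-not-found logging and exits with 204, so an OPTIONS request to a path that resolves to no module appears to get a success reply advertising every method in `Router::ALLOWED_METHODS`. I would say so in the comment, e.g. `// @todo Check allowed methods per requested path; unknown paths currently get 204 as well`. The condition around the debug call starts outside the hunk, so this is inferred from the visible statement order only.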