From 9b955c9ce25a06a9102b67ebe77375dc45d28f0f Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Wed, 19 Jul 2023 15:04:17 +0000
Subject: [PATCH] fix(s3): allow CORS for served static files

---
 app/Config/Filters.php                                 |  2 +-
 {modules/Fediverse => app}/Filters/AllowCorsFilter.php | 10 ++++++----
 modules/Media/Config/Routes.php                        |  1 +
 3 files changed, 8 insertions(+), 5 deletions(-)
 rename {modules/Fediverse => app}/Filters/AllowCorsFilter.php (77%)

diff --git a/app/Config/Filters.php b/app/Config/Filters.php
index 0beff42d83..2146a1f860 100644
--- a/app/Config/Filters.php
+++ b/app/Config/Filters.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 
 namespace Config;
 
+use App\Filters\AllowCorsFilter;
 use CodeIgniter\Config\BaseConfig;
 use CodeIgniter\Filters\CSRF;
 use CodeIgniter\Filters\DebugToolbar;
@@ -12,7 +13,6 @@ use CodeIgniter\Filters\InvalidChars;
 use CodeIgniter\Filters\SecureHeaders;
 use Modules\Api\Rest\V1\Filters\ApiFilter;
 use Modules\Auth\Filters\PermissionFilter;
-use Modules\Fediverse\Filters\AllowCorsFilter;
 use Modules\Fediverse\Filters\FediverseFilter;
 use Modules\PremiumPodcasts\Filters\PodcastUnlockFilter;
 
diff --git a/modules/Fediverse/Filters/AllowCorsFilter.php b/app/Filters/AllowCorsFilter.php
similarity index 77%
rename from modules/Fediverse/Filters/AllowCorsFilter.php
rename to app/Filters/AllowCorsFilter.php
index 3ed0f9489a..7edc2b6e96 100644
--- a/modules/Fediverse/Filters/AllowCorsFilter.php
+++ b/app/Filters/AllowCorsFilter.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Modules\Fediverse\Filters;
+namespace App\Filters;
 
 use CodeIgniter\Filters\FilterInterface;
 use CodeIgniter\HTTP\RequestInterface;
@@ -17,11 +17,13 @@ class AllowCorsFilter implements FilterInterface
 
     public function after(RequestInterface $request, ResponseInterface $response, $arguments = null): void
     {
+        if (! $response->hasHeader('Cache-Control')) {
+            $response->setHeader('Cache-Control', 'public, max-age=86400');
+        }
+
         $response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
             ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
             ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
-            ->setHeader('Access-Control-Max-Age', '86400')
-            ->setHeader('Cache-Control', 'public, max-age=86400')
-            ->setStatusCode(200);
+            ->setHeader('Access-Control-Max-Age', '86400');
     }
 }
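Review bot: The new `hasHeader('Cache-Control')` guard in `after()` may never fall through to the `public, max-age=86400` default. CodeIgniter's `Response` appears to be constructed with a no-cache `Cache-Control` header already set, so the check would be true on every response; please confirm this against the framework version in use. If that holds, the Fediverse routes that relied on the old unconditional header would now be served uncacheable, which looks unintended. Separately, now that the filter lives in `App\Filters` and can be attached to any route, the class should carry a docblock such as `/** Adds wildcard CORS headers; attach only to routes that serve public, unauthenticated content. */`, because `Access-Control-Allow-Origin: *` combined with a `public` cache lifetime is only appropriate for non-personalised responses. The class body starts outside this hunk.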
diff --git a/modules/Media/Config/Routes.php b/modules/Media/Config/Routes.php
index eb89c80d1d..1c7ba01e39 100644
--- a/modules/Media/Config/Routes.php
+++ b/modules/Media/Config/Routes.php
@@ -13,4 +13,5 @@ $routes = service('routes');
 $routes->get('static/(:any)', 'MediaController::serve/$1', [
     'as'        => 'media-serve',
     'namespace' => 'Modules\Media\Controllers',
+    'filter'    => 'allow-cors',
 ]);
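Review bot: The `allow-cors` filter is attached to a route registered with `$routes->get(...)`, so a preflight `OPTIONS` request to `static/...` would presumably not match it and would never receive the `Access-Control-Allow-Methods` and `Access-Control-Max-Age` headers the filter sets. Plain GETs without custom headers need no preflight and will work, but a client that sends a non-safelisted request header would fail unless an OPTIONS route is defined elsewhere. Either register a matching `$routes->options('static/(:any)', ...)` with the same filter, or note the limitation next to the new line, e.g. `// CORS: simple GET only, no preflight handling`. It is also worth confirming that everything reachable through `static/(:any)` is meant to be world-readable, since the filter allows any origin to read the response.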
-- 
GitLab