From e12f95aca13c6d54489a9cfd99d4cd2490fe83ab Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Sat, 24 Jul 2021 15:33:34 +0000
Subject: [PATCH] feat: allow cross origin requests on episode comments

---
 app/Config/Routes.php                 |  1 +
 app/Controllers/EpisodeController.php | 14 ++++++++++++++
 2 files changed, 15 insertions(+)

diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index cb5dcf7a9e..c4423b4833 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -736,6 +736,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
                 ],
             ],
         ]);
+        $routes->options('comments', 'EpisodeController::commentsPreflight/$1/$2');
         $routes->get('comments', 'EpisodeController::comments/$1/$2', [
             'as' => 'episode-comments',
             'application/activity+json' => [
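Review bot: The new OPTIONS route forwards both captured segments (`commentsPreflight/$1/$2`), but `commentsPreflight()` in the controller hunk is declared with no parameters, so the values are silently discarded. Either drop the placeholders, `$routes->options('comments', 'EpisodeController::commentsPreflight');`, or add a comment saying the preflight deliberately does not look up the podcast or episode. As written, the preflight appears to return 200 with permissive CORS headers for any podcast/episode path that matches the pattern, whether or not it exists. The enclosing route group starts and ends outside this hunk, so any filters applied there are not visible.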
diff --git a/app/Controllers/EpisodeController.php b/app/Controllers/EpisodeController.php
index 34922690e5..6d897b2610 100644
--- a/app/Controllers/EpisodeController.php
+++ b/app/Controllers/EpisodeController.php
@@ -210,6 +210,19 @@ class EpisodeController extends BaseController
             ->setBody($podcastObject->toJSON());
     }
 
+    /**
+     * @noRector ReturnTypeDeclarationRector
+     */
+    public function commentsPreflight(): Response
+    {
+        return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
+            ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
+            ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
+            ->setHeader('Access-Control-Max-Age', '86400')
+            ->setHeader('Cache-Control', 'public, max-age=86400')
+            ->setStatusCode(200);
+    }
+
     /**
      * @noRector ReturnTypeDeclarationRector
      */
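Review bot: The inline comments in `commentsPreflight()` call the wildcard `Access-Control-Allow-Origin` and `Access-Control-Allow-Headers` values "insecure" without recording why they are acceptable here, which leaves the next maintainer to guess. The docblock should state the condition: the comments collection is public, read-only, and must not depend on cookies or a session. It should also say that `Access-Control-Allow-Credentials: true` or a reflected `Origin` value must never be added alongside the wildcard. The same condition applies to the `Access-Control-Allow-Origin: *` header added to the `comments()` response in the last hunk, whose body starts outside the diff and so cannot be checked from here. `Access-Control-Allow-Headers` can likely be narrowed to what a client actually sends, presumably only `Accept` for the activity+json negotiation (to be confirmed), e.g. `->setHeader('Access-Control-Allow-Headers', 'Accept')`.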
@@ -250,6 +263,7 @@ class EpisodeController extends BaseController
 
         return $this->response
             ->setContentType('application/activity+json')
+            ->setHeader('Access-Control-Allow-Origin', '*')
             ->setBody($collection->toJSON());
     }
 }
-- 
GitLab