fix(cors): add preflight option routes for episode, podcast and status objects (a281abfd) · Commits · Ad Aures / Castopod

app/Config/Routes.php

+6 −1

Original line number	Diff line number	Diff line
		@@ -690,6 +690,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		'as' => 'podcast-activity',
		]);
		// override default ActivityPub Library's actor route
		$routes->options('/', 'ActivityPubController::preflight');
		$routes->get('/', 'PodcastController::activity/$1', [
		'as' => 'actor',
		'alternate-content' => [
		@@ -707,6 +708,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		],
		],
		]);
		$routes->options('episodes', 'ActivityPubController::preflight');
		$routes->get('episodes', 'PodcastController::episodes/$1', [
		'as' => 'podcast-episodes',
		'alternate-content' => [
		@@ -722,6 +724,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		],
		]);
		$routes->group('episodes/(:slug)', function ($routes): void {
		$routes->options('/', 'ActivityPubController::preflight');
		$routes->get('/', 'EpisodeController/$1/$2', [
		'as' => 'episode',
		'alternate-content' => [
		@@ -736,7 +739,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		],
		],
		]);
		$routes->options('comments', 'EpisodeController::commentsPreflight/$1/$2');
		$routes->options('comments', 'ActivityPubController::preflight');
		$routes->get('comments', 'EpisodeController::comments/$1/$2', [
		'as' => 'episode-comments',
		'application/activity+json' => [
		@@ -806,6 +809,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		]);
		// Status
		$routes->group('statuses/(:uuid)', function ($routes): void {
		$routes->options('/', 'ActivityPubController::preflight');
		$routes->get('/', 'StatusController::view/$1/$2', [
		'as' => 'status',
		'alternate-content' => [
		@@ -819,6 +823,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
		],
		],
		]);
		$routes->options('replies', 'ActivityPubController::preflight');
		$routes->get('replies', 'StatusController/$1/$2', [
		'as' => 'status-replies',
		'alternate-content' => [

app/Controllers/ActivityPubController.php

0 → 100644

+30 −0

Original line number	Diff line number	Diff line
		<?php

		declare(strict_types=1);

		/**
		* @copyright 2021 Podlibre
		* @license https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
		* @link https://castopod.org/
		*/

		namespace App\Controllers;

		use CodeIgniter\Controller;
		use CodeIgniter\HTTP\Response;

		class ActivityPubController extends Controller
		{
		/**
		* @noRector ReturnTypeDeclarationRector
		*/
		public function preflight(): Response
		{
		return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
		->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
		->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
		->setHeader('Access-Control-Max-Age', '86400')
		->setHeader('Cache-Control', 'public, max-age=86400')
		->setStatusCode(200);
		}
		}

app/Controllers/EpisodeController.php

+0 −13

Original line number	Diff line number	Diff line
		@@ -210,19 +210,6 @@ class EpisodeController extends BaseController
		->setBody($podcastObject->toJSON());
		}

		/**
		* @noRector ReturnTypeDeclarationRector
		*/
		public function commentsPreflight(): Response
		{
		return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
		->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
		->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
		->setHeader('Access-Control-Max-Age', '86400')
		->setHeader('Cache-Control', 'public, max-age=86400')
		->setStatusCode(200);
		}

		/**
		* @noRector ReturnTypeDeclarationRector
		*/