From a281abfda475388a07943c169dab460cc2d4f944 Mon Sep 17 00:00:00 2001
From: Yassine Doghri <yassine@doghri.fr>
Date: Mon, 22 Nov 2021 14:35:44 +0000
Subject: [PATCH] fix(cors): add preflight option routes for episode, podcast
 and status objects

---
 app/Config/Routes.php                     |  7 +++++-
 app/Controllers/ActivityPubController.php | 30 +++++++++++++++++++++++
 app/Controllers/EpisodeController.php     | 13 ----------
 3 files changed, 36 insertions(+), 14 deletions(-)
 create mode 100644 app/Controllers/ActivityPubController.php

diff --git a/app/Config/Routes.php b/app/Config/Routes.php
index eb02b2c82e..b8ffad9ecf 100644
--- a/app/Config/Routes.php
+++ b/app/Config/Routes.php
@@ -690,6 +690,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
         'as' => 'podcast-activity',
     ]);
     // override default ActivityPub Library's actor route
+    $routes->options('/', 'ActivityPubController::preflight');
     $routes->get('/', 'PodcastController::activity/$1', [
         'as' => 'actor',
         'alternate-content' => [
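Review bot: A successful preflight does not by itself permit a cross-origin read, because the browser also checks `Access-Control-Allow-Origin` on the GET response. This patch only adds the OPTIONS side, for `/` here and for `episodes`, `episodes/(:slug)`, `statuses/(:uuid)` and `replies` in the later hunks of this file. None of the GET handlers (`PodcastController::activity`, `PodcastController::episodes`, `EpisodeController`, `StatusController::view`, `StatusController`) is visible in this patch, so confirm that each one sets the header, or attach both to the routes through a single filter so a route cannot get one without the other. Separately, the added line sits between the comment `// override default ActivityPub Library's actor route` and the `get` it describes; placing the `options` line above that comment keeps it attached to the right route.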
@@ -707,6 +708,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
             ],
         ],
     ]);
+    $routes->options('episodes', 'ActivityPubController::preflight');
     $routes->get('episodes', 'PodcastController::episodes/$1', [
         'as' => 'podcast-episodes',
         'alternate-content' => [
@@ -722,6 +724,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
         ],
     ]);
     $routes->group('episodes/(:slug)', function ($routes): void {
+        $routes->options('/', 'ActivityPubController::preflight');
         $routes->get('/', 'EpisodeController/$1/$2', [
             'as' => 'episode',
             'alternate-content' => [
@@ -736,7 +739,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
                 ],
             ],
         ]);
-        $routes->options('comments', 'EpisodeController::commentsPreflight/$1/$2');
+        $routes->options('comments', 'ActivityPubController::preflight');
         $routes->get('comments', 'EpisodeController::comments/$1/$2', [
             'as' => 'episode-comments',
             'application/activity+json' => [
@@ -806,6 +809,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
     ]);
     // Status
     $routes->group('statuses/(:uuid)', function ($routes): void {
+        $routes->options('/', 'ActivityPubController::preflight');
         $routes->get('/', 'StatusController::view/$1/$2', [
             'as' => 'status',
             'alternate-content' => [
@@ -819,6 +823,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
                 ],
             ],
         ]);
+        $routes->options('replies', 'ActivityPubController::preflight');
         $routes->get('replies', 'StatusController/$1/$2', [
             'as' => 'status-replies',
             'alternate-content' => [
diff --git a/app/Controllers/ActivityPubController.php b/app/Controllers/ActivityPubController.php
new file mode 100644
index 0000000000..f46b8e771e
--- /dev/null
+++ b/app/Controllers/ActivityPubController.php
@@ -0,0 +1,30 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright  2021 Podlibre
+ * @license    https://www.gnu.org/licenses/agpl-3.0.en.html AGPL3
+ * @link       https://castopod.org/
+ */
+
+namespace App\Controllers;
+
+use CodeIgniter\Controller;
+use CodeIgniter\HTTP\Response;
+
+class ActivityPubController extends Controller
+{
+    /**
+     * @noRector ReturnTypeDeclarationRector
+     */
+    public function preflight(): Response
+    {
+        return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
+            ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
+            ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
+            ->setHeader('Access-Control-Max-Age', '86400')
+            ->setHeader('Cache-Control', 'public, max-age=86400')
+            ->setStatusCode(200);
+    }
+}
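Review bot: The `// ... insecure` comments on `Access-Control-Allow-Origin: *` and `Access-Control-Allow-Headers: *` flag a risk without saying why it is accepted, and this handler is now shared by every OPTIONS route added in `Routes.php`. The docblock above `preflight()` should state the condition that keeps the wildcard safe: the handler may only be attached to routes serving public, unauthenticated, read-only objects, and `Access-Control-Allow-Credentials` must never be set alongside it. If clients only send content-negotiation headers, the header wildcard can be narrowed to an explicit list such as `->setHeader('Access-Control-Allow-Headers', 'Accept, Content-Type')`; `*` does not cover `Authorization` in any case. `Cache-Control: public, max-age=86400` is probably redundant on an OPTIONS response, since the browser's preflight cache honours `Access-Control-Max-Age`, so it is worth confirming that no intermediary is expected to store it.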
diff --git a/app/Controllers/EpisodeController.php b/app/Controllers/EpisodeController.php
index 6d897b2610..f3d3f9c066 100644
--- a/app/Controllers/EpisodeController.php
+++ b/app/Controllers/EpisodeController.php
@@ -210,19 +210,6 @@ class EpisodeController extends BaseController
             ->setBody($podcastObject->toJSON());
     }
 
-    /**
-     * @noRector ReturnTypeDeclarationRector
-     */
-    public function commentsPreflight(): Response
-    {
-        return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
-            ->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
-            ->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
-            ->setHeader('Access-Control-Max-Age', '86400')
-            ->setHeader('Cache-Control', 'public, max-age=86400')
-            ->setStatusCode(200);
-    }
-
     /**
      * @noRector ReturnTypeDeclarationRector
      */
-- 
GitLab