Merge pull request #10953 from annando/bott-shrinked

[friendica.git] / src / App / Module.php

diff --git a/src/App/Module.php b/src/App/Module.php
index fff7641b76059113bd194fa5ba9cbabeb9866a67..5b7c3d15007bb11c995ae001f43027d87c1de708 100644 (file)
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -1,6 +1,6 @@
 <?php
 /**
- * @copyright Copyright (C) 2020, Friendica
+ * @copyright Copyright (C) 2010-2021, the Friendica project
  *
  * @license GNU AGPL version 3 or any later version
  *
@@ -24,11 +24,13 @@ namespace Friendica\App;
 use Friendica\App;
 use Friendica\BaseModule;
 use Friendica\Core;
+use Friendica\Core\Config\Capability\IManageConfigValues;
 use Friendica\LegacyModule;
 use Friendica\Module\Home;
 use Friendica\Module\HTTPException\MethodNotAllowed;
 use Friendica\Module\HTTPException\PageNotFound;
 use Friendica\Network\HTTPException\MethodNotAllowedException;
+use Friendica\Network\HTTPException\NoContentException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Friendica\Util\Profiler;
 use Psr\Log\LoggerInterface;
@@ -63,7 +65,6 @@ class Module
                'outbox',
                'poco',
                'post',
-               'proxy',
                'pubsub',
                'pubsubhubbub',
                'receive',
@@ -169,15 +170,15 @@ class Module
        /**
         * Determine the class of the current module
         *
-        * @param Arguments           $args   The Friendica execution arguments
-        * @param Router              $router The Friendica routing instance
-        * @param Core\Config\IConfig $config The Friendica Configuration
+        * @param Arguments                                             $args   The Friendica execution arguments
+        * @param Router                                                $router The Friendica routing instance
+        * @param IManageConfigValues $config The Friendica Configuration
         *
         * @return Module The determined module of this call
         *
         * @throws \Exception
         */
-       public function determineClass(Arguments $args, Router $router, Core\Config\IConfig $config)
+       public function determineClass(Arguments $args, Router $router, IManageConfigValues $config)
        {
                $printNotAllowedAddon = false;
 
@@ -265,6 +266,37 @@ class Module
                        $logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
                }
 
+               // @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb
+               if (substr($_REQUEST['pagename'] ?? '', 0, 12) == '.well-known/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::GET);
+                       header('Access-Control-Allow-Credentials: false');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 8) == 'profile/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::GET);
+                       header('Access-Control-Allow-Credentials: false');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 4) == 'api/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
+                       header('Access-Control-Allow-Credentials: false');
+                       header('Access-Control-Expose-Headers: Link');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 11) == 'oauth/token') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::POST);
+                       header('Access-Control-Allow-Credentials: false');
+               }
+
+               // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
+               // @todo Check allowed methods per requested path
+               if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
+                       header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
+                       throw new NoContentException();
+               }
+
                $placeholder = '';
 
                $profiler->set(microtime(true), 'ready');
@@ -276,11 +308,23 @@ class Module
 
                $profiler->set(microtime(true) - $timestamp, 'init');
 
-               if ($server['REQUEST_METHOD'] === 'POST') {
+               if ($server['REQUEST_METHOD'] === Router::DELETE) {
+                       call_user_func([$this->module_class, 'delete'], $this->module_parameters);
+               }
+
+               if ($server['REQUEST_METHOD'] === Router::PATCH) {
+                       call_user_func([$this->module_class, 'patch'], $this->module_parameters);
+               }
+
+               if ($server['REQUEST_METHOD'] === Router::POST) {
                        Core\Hook::callAll($this->module . '_mod_post', $post);
                        call_user_func([$this->module_class, 'post'], $this->module_parameters);
                }
 
+               if ($server['REQUEST_METHOD'] === Router::PUT) {
+                       call_user_func([$this->module_class, 'put'], $this->module_parameters);
+               }
+
                Core\Hook::callAll($this->module . '_mod_afterpost', $placeholder);
                call_user_func([$this->module_class, 'afterpost'], $this->module_parameters);