X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FApp%2FModule.php;h=5b7c3d15007bb11c995ae001f43027d87c1de708;hb=0e2e488521fbcf2d52dc8037ee6e9dd577fbf14c;hp=b2cc8210e374786e1fb5fb88ba499fd2c79c2b87;hpb=b1e0c5128e0b991add0627dae2c8ddc0ef344838;p=friendica.git
diff --git a/src/App/Module.php b/src/App/Module.php
index b2cc8210e3..5b7c3d1500 100644
--- a/src/App/Module.php
+++ b/src/App/Module.php
@@ -24,11 +24,13 @@ namespace Friendica\App;
 use Friendica\App;
 use Friendica\BaseModule;
 use Friendica\Core;
+use Friendica\Core\Config\Capability\IManageConfigValues;
 use Friendica\LegacyModule;
 use Friendica\Module\Home;
 use Friendica\Module\HTTPException\MethodNotAllowed;
 use Friendica\Module\HTTPException\PageNotFound;
 use Friendica\Network\HTTPException\MethodNotAllowedException;
+use Friendica\Network\HTTPException\NoContentException;
 use Friendica\Network\HTTPException\NotFoundException;
 use Friendica\Util\Profiler;
 use Psr\Log\LoggerInterface;
@@ -63,7 +65,6 @@ class Module
 'outbox',
 'poco',
 'post',
- 'proxy',
 'pubsub',
 'pubsubhubbub',
 'receive',
@@ -169,15 +170,15 @@ class Module
 /**
 * Determine the class of the current module
 *
- * @param Arguments $args The Friendica execution arguments
- * @param Router $router The Friendica routing instance
- * @param Core\Config\IConfig $config The Friendica Configuration
+ * @param Arguments $args The Friendica execution arguments
+ * @param Router $router The Friendica routing instance
+ * @param IManageConfigValues $config The Friendica Configuration
 *
 * @return Module The determined module of this call
 *
 * @throws \Exception
 */
- public function determineClass(Arguments $args, Router $router, Core\Config\IConfig $config)
+ public function determineClass(Arguments $args, Router $router, IManageConfigValues $config)
 {
 $printNotAllowedAddon = false;
@@ -265,18 +266,35 @@ class Module $logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]); } + // @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb + if (substr($_REQUEST['pagename'] ?? '', 0, 12) == '.well-known/') { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: *'); + header('Access-Control-Allow-Methods: ' . Router::GET); + header('Access-Control-Allow-Credentials: false'); + } elseif (substr($_REQUEST['pagename'] ?? '', 0, 8) == 'profile/') { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: *'); + header('Access-Control-Allow-Methods: ' . Router::GET); + header('Access-Control-Allow-Credentials: false'); + } elseif (substr($_REQUEST['pagename'] ?? '', 0, 4) == 'api/') { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: *'); + header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS)); + header('Access-Control-Allow-Credentials: false'); + header('Access-Control-Expose-Headers: Link'); + } elseif (substr($_REQUEST['pagename'] ?? '', 0, 11) == 'oauth/token') { + header('Access-Control-Allow-Origin: *'); + header('Access-Control-Allow-Headers: *'); + header('Access-Control-Allow-Methods: ' . Router::POST); + header('Access-Control-Allow-Credentials: false'); + } + // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS // @todo Check allowed methods per requested path if ($server['REQUEST_METHOD'] === Router::OPTIONS) { - header('HTTP/1.1 204 No Content'); header('Allow: ' . implode(',', Router::ALLOWED_METHODS)); - // Deactivated until we know about possible side effects - // header('Access-Control-Allow-Credentials: true'); - // header('Access-Control-Allow-Headers: Authorization,Content-Type'); - // header('Access-Control-Allow-Methods: ' . 
implode(',', Router::ALLOWED_METHODS)); - // header('Access-Control-Allow-Origin: ' . DI::baseUrl()); - // header('Access-Control-Max-Age: 86400'); - exit(); + throw new NoContentException(); } $placeholder = '';
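Review bot: The four new CORS branches send `Access-Control-Allow-Headers: *`, and in browsers that wildcard never covers `Authorization`, so a cross-origin `api/` call that authenticates with that header would still fail its preflight (assuming the API accepts such credentials, which the `oauth/token` route suggests). `Access-Control-Allow-Credentials: false` is also not a defined value for that header; when credentials are not wanted the header should simply be omitted. The branch is selected from raw `$_REQUEST['pagename']` with `substr()` and a loose `==`, so a non-string `pagename` reaches `substr()` unchecked, and `$_REQUEST` is not necessarily the path the router resolved. The sketch below keeps the same per-prefix policy in one table instead of four copies; the enclosing method starts and ends outside the hunk.

```php
$pagename = $_REQUEST['pagename'] ?? '';
if (!is_string($pagename)) {
	$pagename = '';
}

// Path prefix => methods advertised to cross-origin callers
$corsMethods = [
	'.well-known/' => Router::GET,
	'profile/'     => Router::GET,
	'api/'         => implode(',', Router::ALLOWED_METHODS),
	'oauth/token'  => Router::POST,
];

foreach ($corsMethods as $prefix => $methods) {
	if (strpos($pagename, $prefix) !== 0) {
		continue;
	}

	header('Access-Control-Allow-Origin: *');
	// "*" does not cover Authorization, so it is listed explicitly
	header('Access-Control-Allow-Headers: *, Authorization');
	header('Access-Control-Allow-Methods: ' . $methods);
	if ($prefix === 'api/') {
		header('Access-Control-Expose-Headers: Link');
	}
	break;
}

// … unchanged: OPTIONS handling (Allow header, NoContentException) …
```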