Set CORS header fields to support Halcyon
authorMichael <heluecht@pirati.ca>
Thu, 24 Jun 2021 18:02:29 +0000 (18:02 +0000)
committerMichael <heluecht@pirati.ca>
Thu, 24 Jun 2021 18:02:29 +0000 (18:02 +0000)
src/App/Module.php
src/Module/Api/Mastodon/Accounts/Relationships.php

index b2cc8210e374786e1fb5fb88ba499fd2c79c2b87..5a2ad61837d46ebd0c39e7476c5e678b1a465c56 100644 (file)
@@ -265,17 +265,35 @@ class Module
                        $logger->debug('index.php: page not found.', ['request_uri' => $server['REQUEST_URI'], 'address' => $server['REMOTE_ADDR'], 'query' => $server['QUERY_STRING']]);
                }
 
+               // @see https://github.com/tootsuite/mastodon/blob/c3aef491d66aec743a3a53e934a494f653745b61/config/initializers/cors.rb
+               if (substr($_REQUEST['pagename'] ?? '', 0, 12) == '.well-known/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::GET);
+                       header('Access-Control-Allow-Credentials: false');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 8) == 'profile/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::GET);
+                       header('Access-Control-Allow-Credentials: false');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 4) == 'api/') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
+                       header('Access-Control-Allow-Credentials: false');
+                       header('Access-Control-Expose-Headers: Link');
+               } elseif (substr($_REQUEST['pagename'] ?? '', 0, 11) == 'oauth/token') {
+                       header('Access-Control-Allow-Origin: *');
+                       header('Access-Control-Allow-Headers: *');
+                       header('Access-Control-Allow-Methods: ' . Router::POST);
+                       header('Access-Control-Allow-Credentials: false');
+               }
+
                // @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
                // @todo Check allowed methods per requested path
                if ($server['REQUEST_METHOD'] === Router::OPTIONS) {
                        header('HTTP/1.1 204 No Content');
                        header('Allow: ' . implode(',', Router::ALLOWED_METHODS));
-                       // Deactivated until we know about possible side effects
-                       // header('Access-Control-Allow-Credentials: true');
-                       // header('Access-Control-Allow-Headers: Authorization,Content-Type');
-                       // header('Access-Control-Allow-Methods: ' . implode(',', Router::ALLOWED_METHODS));
-                       // header('Access-Control-Allow-Origin: ' . DI::baseUrl());
-                       // header('Access-Control-Max-Age: 86400');
                        exit();
                }
 
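Review bot: `Access-Control-Allow-Headers: *` in the `api/` and `oauth/token` branches does not cover the `Authorization` request header, which the Fetch specification requires to be named explicitly, so a browser enforcing that rule would reject the preflight of a bearer-token call. Listing what the API accepts is also narrower than a wildcard, e.g. `header('Access-Control-Allow-Headers: Authorization,Content-Type');`, the pair the removed commented-out block used. `Access-Control-Allow-Credentials` only has an effect with the value `true`, so the `false` lines can go; a one-line comment such as `// credentials stay off, which is what makes Allow-Origin: * acceptable here` would record the intent. The prefix test `substr(..., 0, 11) == 'oauth/token'` also matches longer paths that merely start with that string, and the four branches repeat the same header calls, so a small helper taking the allowed methods plus an exact comparison for the token path would tighten this. The enclosing method starts and ends outside the hunk.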
index 12d5f2e660be71f53f87ffa081ec45e3511cf6a9..5631952d2a3f19adb594564c95867d099c980a2e 100644 (file)
@@ -44,10 +44,14 @@ class Relationships extends BaseApi
                        'id' => [],
                ]);
 
-               if (empty($request['id']) || !is_array($request['id'])) {
+               if (empty($request['id'])) {
                        DI::mstdnError()->UnprocessableEntity();
                }
 
+               if (!is_array($request['id'])) {
+                       $request['id'] = [$request['id']];
+               }
+
                $relationsships = [];
 
                foreach ($request['id'] as $id) {
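Review bot: The elements of `$request['id']` reach the `foreach` with no type or count check: after this change the value is either a client-supplied array of any length and nesting or a single scalar wrapped in `[...]`. Unless `getRequest()` already normalises it (not visible here), I would reduce it to a bounded list of integer ids before the loop, for example `$ids = array_slice(array_filter(array_map('intval', array_filter((array)$request['id'], 'is_scalar'))), 0, $limit);` with `$limit` a project-chosen cap, and iterate over `$ids`. Note also that `empty()` rejects the string `'0'`, which is harmless only if `0` is never a valid id. The loop body lies outside the hunk, so the cost per id is an assumption to confirm.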