Add cache and CORS headers to ActivityPub endpoints

diff --git a/src/Module/Objects.php b/src/Module/Objects.php
index 0f2536bcc96c400e3a5e5788708bb16acaea41e2..b5b5227141c1a84808d92c966c714ce72ed4e342 100644 (file)
--- a/src/Module/Objects.php
+++ b/src/Module/Objects.php
@@ -76,6 +76,8 @@ class Objects extends BaseModule
                $data = ['@context' => ActivityPub::CONTEXT];
                $data = array_merge($data, $activity['object']);
 
+               // Relaxed CORS header for public items
+               header('Access-Control-Allow-Origin: *');
                System::jsonExit($data, 'application/activity+json');
        }
 }

diff --git a/src/Module/Profile/Profile.php b/src/Module/Profile/Profile.php
index bbf0da38218588d418028d031c1def9913af7c80..61426488033c4a795ae8a4a9fede3c804ba6227f 100644 (file)
--- a/src/Module/Profile/Profile.php
+++ b/src/Module/Profile/Profile.php
@@ -54,6 +54,8 @@ class Profile extends BaseProfile
                                // The function returns an empty array when the account is removed, expired or blocked
                                $data = ActivityPub\Transmitter::getProfile($user['uid']);
                                if (!empty($data)) {
+                                       header('Access-Control-Allow-Origin: *');
+                                       header('Cache-Control: max-age=23200, stale-while-revalidate=23200');
                                        System::jsonExit($data, 'application/activity+json');
                                }
                        }