From 47a3e15edc2a2e9d76a3374a2f5ed7197b2aedea Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite
Date: Sun, 28 Jul 2024 14:19:40 +0200
Subject: Add default API CORS HTTP Headers (#6659)

* Add default API CORS HTTP Headers
To allow interacting with our APIs from a JavaScript application. So far limited to the APIs: Greader, User queries
Fix https://github.com/FreshRSS/FreshRSS/discussions/6654#discussioncomment-10131144
* Early abort for OPTIONS requests
* Move a bit OPTIONS test
* No content!
* More cleaning
---
 p/api/greader.php | 14 ++++++++++++++
 p/api/query.php | 9 +++++++++
 2 files changed, 23 insertions(+)

diff --git a/p/api/greader.php b/p/api/greader.php
index 9c3479546..a19512cfd 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -112,6 +112,12 @@ function debugInfo(): string {
 final class GReaderAPI {
+ /** @return never */
+ private static function noContent() {
+ header('HTTP/1.1 204 No Content');
+ exit();
+ }
+
 /** @return never */
 private static function badRequest() {
 Minz_Log::warning(__METHOD__, API_LOG);
@@ -987,6 +993,14 @@ final class GReaderAPI {
 public static function parse() {
 global $ORIGINAL_INPUT;
+ header('Access-Control-Allow-Headers: Authorization');
+ header('Access-Control-Allow-Methods: GET, POST');
+ header('Access-Control-Allow-Origin: *');
+ header('Access-Control-Max-Age: 600');
+ if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
+ self::noContent();
+ }
+
 $pathInfo = '';
 if (empty($_SERVER['PATH_INFO'])) {
 if (!empty($_SERVER['ORIG_PATH_INFO'])) {
diff --git a/p/api/query.php b/p/api/query.php
index 8fe3c44b0..fff48503e 100644
--- a/p/api/query.php
+++ b/p/api/query.php
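Review bot: The CORS headers at the top of `parse()` are sent on every request, before anything visible in this hunk checks whether the API is enabled or the caller is authenticated, and they pair `Access-Control-Allow-Origin: *` with `Access-Control-Allow-Headers: Authorization`. That combination is safe only while the API authenticates through an explicitly supplied Authorization header rather than cookies (it appears to, but that code is outside the hunk), so the reasoning deserves a comment above the block, for example `// Wildcard origin is acceptable because auth is header-based; never combine with Access-Control-Allow-Credentials`. Because script on any origin can now read responses from an instance the browser can reach, including one on a private network, it is worth confirming that failed logins on this API are logged and throttled, and considering a configurable origin allow-list for deployments that need no browser clients. `parse()` continues beyond the hunk.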
@@ -159,6 +159,15 @@ if ($query->getName() != '') {
 }
 FreshRSS_Context::systemConf()->allow_anonymous = true;
+header('Access-Control-Allow-Methods: GET');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Max-Age: 600');
+header('Cache-Control: public, max-age=60');
+if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
+ header('HTTP/1.1 204 No Content');
+ exit();
+}
+
 if (in_array($format, ['rss', 'atom'], true)) {
 header('Content-Type: application/rss+xml; charset=utf-8');
 $view->_layout(null);
--
cgit v1.2.3
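Review bot: `Cache-Control: public, max-age=60` is emitted ahead of the OPTIONS branch, so it applies to the 204 preflight reply and to every format rendered below, and the commit description does not mention it. If these query URLs are protected only by a secret in the URL (the validation is not visible in this hunk), `public` lets shared proxies keep serving a copy for up to a minute after a share is revoked or its token rotated. Consider `header('Cache-Control: private, max-age=60');`, or move the line below the OPTIONS check and add a comment stating why shared caching is acceptable for link-shared content. The wildcard `Access-Control-Allow-Origin` fits anonymous link sharing as long as no credentialed mode is added to this endpoint later.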