From 47a3e15edc2a2e9d76a3374a2f5ed7197b2aedea Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 28 Jul 2024 14:19:40 +0200
Subject: Add default API CORS HTTP Headers (#6659)

* Add default API CORS HTTP Headers
To allow interacting with our APIs from a JavaScript application.
So far limited to the APIs: Greader, User queries
Fix https://github.com/FreshRSS/FreshRSS/discussions/6654#discussioncomment-10131144

* Early abort for OPTIONS requests

* Move a bit OPTIONS test

* No content!

* More cleaning
---
 p/api/query.php | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'p/api/query.php')

diff --git a/p/api/query.php b/p/api/query.php
index 8fe3c44b0..fff48503e 100644
--- a/p/api/query.php
+++ b/p/api/query.php
@@ -159,6 +159,15 @@ if ($query->getName() != '') {
 }
 FreshRSS_Context::systemConf()->allow_anonymous = true;
 
+header('Access-Control-Allow-Methods: GET');
+header('Access-Control-Allow-Origin: *');
+header('Access-Control-Max-Age: 600');
+header('Cache-Control: public, max-age=60');
+if (($_SERVER['REQUEST_METHOD'] ?? '') === 'OPTIONS') {
+	header('HTTP/1.1 204 No Content');
+	exit();
+}
+
 if (in_array($format, ['rss', 'atom'], true)) {
 	header('Content-Type: application/rss+xml; charset=utf-8');
 	$view->_layout(null);
-- 
cgit v1.2.3