Unverified Commit e12f95ac authored by Yassine Doghri's avatar Yassine Doghri
Browse files

feat: allow cross origin requests on episode comments

parent 797c96c1
Pipeline #986 passed with stages
in 9 minutes and 21 seconds
......@@ -736,6 +736,7 @@ $routes->group('@(:podcastName)', function ($routes): void {
],
],
]);
$routes->options('comments', 'EpisodeController::commentsPreflight/$1/$2');
$routes->get('comments', 'EpisodeController::comments/$1/$2', [
'as' => 'episode-comments',
'application/activity+json' => [
......
......@@ -210,6 +210,19 @@ class EpisodeController extends BaseController
->setBody($podcastObject->toJSON());
}
/**
* @noRector ReturnTypeDeclarationRector
*/
public function commentsPreflight(): Response
{
return $this->response->setHeader('Access-Control-Allow-Origin', '*') // for allowing any domain, insecure
->setHeader('Access-Control-Allow-Headers', '*') // for allowing any headers, insecure
->setHeader('Access-Control-Allow-Methods', 'GET, OPTIONS') // allows GET and OPTIONS methods only
->setHeader('Access-Control-Max-Age', '86400')
->setHeader('Cache-Control', 'public, max-age=86400')
->setStatusCode(200);
}
/**
* @noRector ReturnTypeDeclarationRector
*/
......@@ -250,6 +263,7 @@ class EpisodeController extends BaseController
return $this->response
->setContentType('application/activity+json')
->setHeader('Access-Control-Allow-Origin', '*')
->setBody($collection->toJSON());
}
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment