Set CORS headers for all .well-known responses
	
		
			
	
		
	
	
		
	
		
				
			So we don't have to consider it for reverse proxies etc.
		
							parent
							
								
									45137e0cfe
								
							
						
					
					
						commit
						af3da0a26c
					
				| @ -1,8 +1,6 @@ | ||||
| class WebfingerController < ApplicationController | ||||
| class WebfingerController < WellKnownController | ||||
|   before_action :allow_cross_origin_requests, only: [:show] | ||||
| 
 | ||||
|   layout false | ||||
| 
 | ||||
|   def show | ||||
|     resource = params[:resource] | ||||
| 
 | ||||
| @ -91,10 +89,4 @@ class WebfingerController < ApplicationController | ||||
|       } | ||||
|     } | ||||
|   end | ||||
| 
 | ||||
|   def allow_cross_origin_requests | ||||
|     return unless Rails.env.development? | ||||
|     headers['Access-Control-Allow-Origin'] = "*" | ||||
|     headers['Access-Control-Allow-Methods'] = "GET" | ||||
|   end | ||||
| end | ||||
|  | ||||
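Review bot: With the local `before_action :allow_cross_origin_requests, only: [:show]` removed, `show` appears to get no CORS headers at all, because the callback inherited from WellKnownController is declared with `only: [ :nostr ]`. That contradicts the commit title, and browser-based WebFinger clients on other origins would be blocked unless a proxy still adds the header. Either drop the filter in the parent (`before_action :allow_cross_origin_requests`) or re-declare the callback here for `:show`. The middle of the class lies outside these hunks, so confirm that no other declaration already covers it.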
| @ -1,5 +1,8 @@ | ||||
| class WellKnownController < ApplicationController | ||||
|   before_action :require_nostr_enabled, only: [ :nostr ] | ||||
|   before_action :allow_cross_origin_requests, only: [ :nostr ] | ||||
| 
 | ||||
|   layout false | ||||
| 
 | ||||
|   def nostr | ||||
|     http_status :unprocessable_entity and return if params[:name].blank? | ||||
| @ -30,4 +33,9 @@ class WellKnownController < ApplicationController | ||||
|     def require_nostr_enabled | ||||
|       http_status :not_found unless Setting.nostr_enabled? | ||||
|     end | ||||
| 
 | ||||
|     def allow_cross_origin_requests | ||||
|       headers['Access-Control-Allow-Origin'] = "*" | ||||
|       headers['Access-Control-Allow-Methods'] = "GET" | ||||
|     end | ||||
| end | ||||
|  | ||||
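Review bot: `allow_cross_origin_requests` now sends `Access-Control-Allow-Origin: *` in every environment, and nothing in the method records why that is safe. A wildcard origin is appropriate for public discovery documents as long as the responses never vary by cookie or session, so a comment above the method such as `# Public, unauthenticated discovery data only; never serve session-dependent content from actions covered by this callback.` would keep later actions from inheriting it by accident. `Access-Control-Allow-Methods` is only read by browsers on a preflight response, so setting it on the GET itself has no effect; it belongs on an OPTIONS route if preflights are expected. The class body between the two hunks is not visible here.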
| @ -94,6 +94,12 @@ RSpec.describe "WebFinger", type: :request do | ||||
|           oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"] | ||||
|           expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony") | ||||
|         end | ||||
| 
 | ||||
|         it "returns CORS headers" do | ||||
|           get "/.well-known/nostr.json?name=bobdylan" | ||||
|           expect(response.headers['Access-Control-Allow-Origin']).to eq("*") | ||||
|           expect(response.headers['Access-Control-Allow-Methods']).to eq('GET') | ||||
|         end | ||||
|       end | ||||
| 
 | ||||
|       context "remoteStorage not enabled for user" do | ||||
|  | ||||
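Review bot: The new example in the WebFinger spec requests `/.well-known/nostr.json?name=bobdylan`, so it exercises WellKnownController#nostr rather than the WebFinger endpoint and would pass even if WebFinger responses carried no CORS headers. It should issue the same WebFinger request as the neighbouring examples in this context, e.g. `get "/.well-known/webfinger?resource=<RESOURCE_FROM_THIS_CONTEXT>"`, before asserting on the headers. The enclosing `context` block starts outside the hunk, so the exact resource value is not visible here.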
| @ -46,6 +46,12 @@ RSpec.describe "Well-known URLs", type: :request do | ||||
|         expect(res["names"]["bobdylan"]).to eq(user.nostr_pubkey) | ||||
|       end | ||||
| 
 | ||||
|       it "returns CORS headers" do | ||||
|         get "/.well-known/nostr.json?name=bobdylan" | ||||
|         expect(response.headers['Access-Control-Allow-Origin']).to eq("*") | ||||
|         expect(response.headers['Access-Control-Allow-Methods']).to eq('GET') | ||||
|       end | ||||
| 
 | ||||
|       context "without relay configured" do | ||||
|         before do | ||||
|           Setting.nostr_relay_url = "" | ||||
|  | ||||