kosmos/akkounts
kosmos/akkounts
8
1
Fork 0
Code Issues 19 Pull Requests 1 Actions Packages Releases 12 Activity

Set CORS headers for all .well-known responses
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source 
So we don't have to consider it for reverse proxies etc.
This commit is contained in:
Râu Cao 2024-09-10 16:06:11 +02:00
parent 45137e0cfe
commit af3da0a26c
Signed by: raucao
GPG Key ID: 37036C356E56CC51
4 changed files with 21 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/controllers/webfinger_controller.rb
View File

@ -1,8 +1,6 @@
class WebfingerController < ApplicationController class WebfingerController < WellKnownController
before_action :allow_cross_origin_requests, only: [:show] before_action :allow_cross_origin_requests, only: [:show]
layout false
def show def show
resource = params[:resource] resource = params[:resource]
@ -91,10 +89,4 @@ class WebfingerController < ApplicationController
} }
} }
end end
def allow_cross_origin_requests
return unless Rails.env.development?
headers['Access-Control-Allow-Origin'] = "*"
headers['Access-Control-Allow-Methods'] = "GET"
end
end end

8
app/controllers/well_known_controller.rb
View File

@ -1,5 +1,8 @@
class WellKnownController < ApplicationController class WellKnownController < ApplicationController
before_action :require_nostr_enabled, only: [ :nostr ] before_action :require_nostr_enabled, only: [ :nostr ]
before_action :allow_cross_origin_requests, only: [ :nostr ]
layout false
def nostr def nostr
http_status :unprocessable_entity and return if params[:name].blank? http_status :unprocessable_entity and return if params[:name].blank?
@ -30,4 +33,9 @@ class WellKnownController < ApplicationController
def require_nostr_enabled def require_nostr_enabled
http_status :not_found unless Setting.nostr_enabled? http_status :not_found unless Setting.nostr_enabled?
end end
def allow_cross_origin_requests
headers['Access-Control-Allow-Origin'] = "*"
headers['Access-Control-Allow-Methods'] = "GET"
end
end end

6
spec/requests/webfinger_spec.rb
View File

@ -94,6 +94,12 @@ RSpec.describe "WebFinger", type: :request do
oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"] oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony") expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony")
end end
it "returns CORS headers" do
get "/.well-known/nostr.json?name=bobdylan"
expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
end
end end
context "remoteStorage not enabled for user" do context "remoteStorage not enabled for user" do

6
spec/requests/well_known_spec.rb
View File

@ -46,6 +46,12 @@ RSpec.describe "Well-known URLs", type: :request do
expect(res["names"]["bobdylan"]).to eq(user.nostr_pubkey) expect(res["names"]["bobdylan"]).to eq(user.nostr_pubkey)
end end
it "returns CORS headers" do
get "/.well-known/nostr.json?name=bobdylan"
expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
end
context "without relay configured" do context "without relay configured" do
before do before do
Setting.nostr_relay_url = "" Setting.nostr_relay_url = ""