diff --git a/lib/REST/Fever/API.php b/lib/REST/Fever/API.php index 8f43d450..20e6c356 100644 --- a/lib/REST/Fever/API.php +++ b/lib/REST/Fever/API.php @@ -72,9 +72,6 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler { ]); case "GET": // HTTP violation required for client "Unread" on iOS case "POST": - if (!HTTP::matchType($req, "", ...self::ACCEPTED_TYPES)) { - return new EmptyResponse(415, ['Accept' => implode(", ", self::ACCEPTED_TYPES)]); - } $out = [ 'api_version' => self::LEVEL, 'auth' => 0, diff --git a/lib/REST/Miniflux/V1.php b/lib/REST/Miniflux/V1.php index a3854eac..96eb8c40 100644 --- a/lib/REST/Miniflux/V1.php +++ b/lib/REST/Miniflux/V1.php @@ -236,10 +236,6 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler { } public function dispatch(ServerRequestInterface $req): ResponseInterface { - // try to authenticate - if (!$this->authenticate($req)) { - return new ErrorResponse("401", 401); - } // get the request path only; this is assumed to already be normalized $target = parse_url($req->getRequestTarget(), \PHP_URL_PATH) ?? ""; $method = $req->getMethod(); @@ -247,6 +243,10 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler { if ($method === "OPTIONS") { return $this->handleHTTPOptions($target); } + // try to authenticate + if (!$this->authenticate($req)) { + return new ErrorResponse("401", 401); + } $func = $this->chooseCall($target, $method); if ($func instanceof ResponseInterface) { return $func; diff --git a/lib/REST/NextcloudNews/V1_2.php b/lib/REST/NextcloudNews/V1_2.php index 984491ab..111cf2f0 100644 --- a/lib/REST/NextcloudNews/V1_2.php +++ b/lib/REST/NextcloudNews/V1_2.php @@ -76,18 +76,18 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler { } public function dispatch(ServerRequestInterface $req): ResponseInterface { - // try to authenticate - if ($req->getAttribute("authenticated", false)) { - Arsse::$user->id = $req->getAttribute("authenticatedUser"); - } else { - return new EmptyResponse(401); - } // get the request path only; this is assumed to already be normalized $target = parse_url($req->getRequestTarget())['path'] ?? ""; // handle HTTP OPTIONS requests if ($req->getMethod() === "OPTIONS") { return $this->handleHTTPOptions($target); } + // try to authenticate + if ($req->getAttribute("authenticated", false)) { + Arsse::$user->id = $req->getAttribute("authenticatedUser"); + } else { + return new EmptyResponse(401); + } // normalize the input $data = (string) $req->getBody(); if ($data) {