1
1
Fork 0
mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-08 17:02:41 +00:00

Fix compatibility issues

- CORS OPTIONS requests may not ask for credentials
- Fever apparently didn't care about supplied Content-Type
This commit is contained in:
J. King 2021-03-03 16:46:57 -05:00
parent e6b4edd160
commit f90b78a976
3 changed files with 10 additions and 13 deletions

View file

@ -72,9 +72,6 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
]); ]);
case "GET": // HTTP violation required for client "Unread" on iOS case "GET": // HTTP violation required for client "Unread" on iOS
case "POST": case "POST":
if (!HTTP::matchType($req, "", ...self::ACCEPTED_TYPES)) {
return new EmptyResponse(415, ['Accept' => implode(", ", self::ACCEPTED_TYPES)]);
}
$out = [ $out = [
'api_version' => self::LEVEL, 'api_version' => self::LEVEL,
'auth' => 0, 'auth' => 0,

View file

@ -236,10 +236,6 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
public function dispatch(ServerRequestInterface $req): ResponseInterface { public function dispatch(ServerRequestInterface $req): ResponseInterface {
// try to authenticate
if (!$this->authenticate($req)) {
return new ErrorResponse("401", 401);
}
// get the request path only; this is assumed to already be normalized // get the request path only; this is assumed to already be normalized
$target = parse_url($req->getRequestTarget(), \PHP_URL_PATH) ?? ""; $target = parse_url($req->getRequestTarget(), \PHP_URL_PATH) ?? "";
$method = $req->getMethod(); $method = $req->getMethod();
@ -247,6 +243,10 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler {
if ($method === "OPTIONS") { if ($method === "OPTIONS") {
return $this->handleHTTPOptions($target); return $this->handleHTTPOptions($target);
} }
// try to authenticate
if (!$this->authenticate($req)) {
return new ErrorResponse("401", 401);
}
$func = $this->chooseCall($target, $method); $func = $this->chooseCall($target, $method);
if ($func instanceof ResponseInterface) { if ($func instanceof ResponseInterface) {
return $func; return $func;

View file

@ -76,18 +76,18 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
} }
public function dispatch(ServerRequestInterface $req): ResponseInterface { public function dispatch(ServerRequestInterface $req): ResponseInterface {
// try to authenticate
if ($req->getAttribute("authenticated", false)) {
Arsse::$user->id = $req->getAttribute("authenticatedUser");
} else {
return new EmptyResponse(401);
}
// get the request path only; this is assumed to already be normalized // get the request path only; this is assumed to already be normalized
$target = parse_url($req->getRequestTarget())['path'] ?? ""; $target = parse_url($req->getRequestTarget())['path'] ?? "";
// handle HTTP OPTIONS requests // handle HTTP OPTIONS requests
if ($req->getMethod() === "OPTIONS") { if ($req->getMethod() === "OPTIONS") {
return $this->handleHTTPOptions($target); return $this->handleHTTPOptions($target);
} }
// try to authenticate
if ($req->getAttribute("authenticated", false)) {
Arsse::$user->id = $req->getAttribute("authenticatedUser");
} else {
return new EmptyResponse(401);
}
// normalize the input // normalize the input
$data = (string) $req->getBody(); $data = (string) $req->getBody();
if ($data) { if ($data) {