mirror of
https://git.pleroma.social/pleroma/relay.git
synced 2024-11-12 18:58:00 +00:00
add cors headers to api routes
This commit is contained in:
parent
587b9483d7
commit
f7e31d9387
|
@ -14,7 +14,7 @@
|
|||
%link(rel="stylesheet" type="text/css" href="/theme/{{config.theme}}.css" nonce="{{view.request['hash']}}" class="theme")
|
||||
%link(rel="stylesheet" type="text/css" href="/static/style.css" nonce="{{view.request['hash']}}")
|
||||
%link(rel="manifest" href="/manifest.json")
|
||||
%script(type="application/javascript" src="/static/api.js" nonce="{{view.request['hash']}}", defer)
|
||||
%script(type="application/javascript" src="/static/api.js" nonce="{{view.request['hash']}}" defer)
|
||||
-block head
|
||||
|
||||
%body
|
||||
|
|
|
@ -137,11 +137,13 @@ class HttpClient:
|
|||
logging.verbose('Failed to parse JSON')
|
||||
return None
|
||||
|
||||
except ClientSSLError:
|
||||
except ClientSSLError as e:
|
||||
logging.verbose('SSL error when connecting to %s', urlparse(url).netloc)
|
||||
logging.warning(str(e))
|
||||
|
||||
except (AsyncTimeoutError, ClientConnectionError):
|
||||
except (AsyncTimeoutError, ClientConnectionError) as e:
|
||||
logging.verbose('Failed to connect to %s', urlparse(url).netloc)
|
||||
logging.warning(str(e))
|
||||
|
||||
except Exception:
|
||||
traceback.print_exc()
|
||||
|
@ -210,11 +212,13 @@ class HttpClient:
|
|||
logging.debug("headers: %s", json.dumps(headers, indent = 4))
|
||||
return
|
||||
|
||||
except ClientSSLError:
|
||||
except ClientSSLError as e:
|
||||
logging.warning('SSL error when pushing to %s', urlparse(url).netloc)
|
||||
logging.warning(str(e))
|
||||
|
||||
except (AsyncTimeoutError, ClientConnectionError):
|
||||
except (AsyncTimeoutError, ClientConnectionError) as e:
|
||||
logging.warning('Failed to connect to %s for message push', urlparse(url).netloc)
|
||||
logging.warning(str(e))
|
||||
|
||||
# prevent workers from being brought down
|
||||
except Exception:
|
||||
|
|
|
@ -116,7 +116,7 @@ class ActorView(View):
|
|||
return Response.new_error(400, 'actor missing public key', 'json')
|
||||
|
||||
try:
|
||||
await self.signer.validate_aiohttp_request(self.request)
|
||||
await self.signer.validate_request_async(self.request)
|
||||
|
||||
except aputils.SignatureFailureError as e:
|
||||
logging.verbose('signature validation failed for "%s": %s', self.actor.id, e)
|
||||
|
|
|
@ -18,6 +18,12 @@ if typing.TYPE_CHECKING:
|
|||
from typing import Any
|
||||
|
||||
|
||||
ALLOWED_HEADERS = {
|
||||
'accept',
|
||||
'authorization',
|
||||
'content-type'
|
||||
}
|
||||
|
||||
PUBLIC_API_PATHS: Sequence[tuple[str, str]] = (
|
||||
('GET', '/api/v1/relay'),
|
||||
('GET', '/api/v1/instance'),
|
||||
|
@ -48,14 +54,20 @@ async def handle_api_path(request: Request, handler: Callable) -> Response:
|
|||
request['token'] = None
|
||||
request['user'] = None
|
||||
|
||||
if check_api_path(request.method, request.path):
|
||||
if request.method != "OPTIONS" and check_api_path(request.method, request.path):
|
||||
if not request['token']:
|
||||
return Response.new_error(401, 'Missing token', 'json')
|
||||
|
||||
if not request['user']:
|
||||
return Response.new_error(401, 'Invalid token', 'json')
|
||||
|
||||
return await handler(request)
|
||||
response = await handler(request)
|
||||
|
||||
if request.path.startswith('/api'):
|
||||
response.headers['Access-Control-Allow-Origin'] = '*'
|
||||
response.headers['Access-Control-Allow-Headers'] = ', '.join(ALLOWED_HEADERS)
|
||||
|
||||
return response
|
||||
|
||||
|
||||
@register_route('/api/v1/token')
|
||||
|
|
|
@ -62,6 +62,10 @@ class View(AbstractView):
|
|||
return await handler(self.request, **self.request.match_info, **kwargs)
|
||||
|
||||
|
||||
async def options(self, request: Request) -> Response:
|
||||
return Response.new()
|
||||
|
||||
|
||||
@cached_property
|
||||
def allowed_methods(self) -> Sequence[str]:
|
||||
return tuple(self.handlers.keys())
|
||||
|
|
|
@ -44,7 +44,7 @@ async def handle_frontend_path(request: web.Request, handler: Callable) -> Respo
|
|||
|
||||
response = await handler(request)
|
||||
|
||||
if not request['user'] and request['token']:
|
||||
if not request.path.startswith('/api') and not request['user'] and request['token']:
|
||||
response.del_cookie('user-token')
|
||||
|
||||
return response
|
||||
|
|
Loading…
Reference in a new issue