API: Add APIHandler back

This handler should no have been removed in 4276, as it adds the required CORS
header (Access-Control-Allow-Origin) for public acces to the API.

Thanks to iBicha for noticing this!
This commit is contained in:
Samantaz Fox 2024-02-13 21:05:26 +01:00
parent 5c0b6d8afa
commit 7b84bdb29b
No known key found for this signature in database
GPG key ID: F42821059186176E
2 changed files with 14 additions and 0 deletions

View file

@ -217,6 +217,7 @@ public_folder "assets"
Kemal.config.powered_by_header = false
add_handler FilteredCompressHandler.new
add_handler APIHandler.new
add_handler AuthHandler.new
add_handler DenyFrame.new
add_context_storage_type(Array(String))

View file

@ -134,6 +134,19 @@ class AuthHandler < Kemal::Handler
end
end
class APIHandler < Kemal::Handler
{% for method in %w(GET POST PUT HEAD DELETE PATCH OPTIONS) %}
only ["/api/v1/*"], {{method}}
{% end %}
exclude ["/api/v1/auth/notifications"], "GET"
exclude ["/api/v1/auth/notifications"], "POST"
def call(env)
env.response.headers["Access-Control-Allow-Origin"] = "*" if only_match?(env)
call_next env
end
end
class DenyFrame < Kemal::Handler
exclude ["/embed/*"]