Set missing CORS headers for Report API responses. (#222)

2024-06-28 23:52:06 +00:00 · 2022-02-15 09:19:13 +01:00 · 2022-02-15 09:19:13 +01:00 · 097829d75a
commit 097829d75a
parent e49e4d05eb
1 changed files with 12 additions and 0 deletions
--- a/src/webapis/WebAPIs.ts
+++ b/src/webapis/WebAPIs.ts
@ -52,8 +52,20 @@ export class WebAPIs {
        // Configure /report API.
        if (config.web.abuseReporting.enabled) {
            console.log(`Configuring ${API_PREFIX}/report/:room_id/:event_id...`);
+            this.webController.options(`${API_PREFIX}/report/:room_id/:event_id`, async (request, response) => {
+                // reply with CORS options
+                response.header("Access-Control-Allow-Origin", "*");
+                response.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Date");
+                response.header("Access-Control-Allow-Methods", "POST, OPTIONS");
+                response.status(200);
+                return response.send();
+            });
            this.webController.post(`${API_PREFIX}/report/:room_id/:event_id`, async (request, response) => {
                console.debug(`Received a message on ${API_PREFIX}/report/:room_id/:event_id`, request.params);
+                // set CORS headers for the response
+                response.header("Access-Control-Allow-Origin", "*");
+                response.header("Access-Control-Allow-Headers", "X-Requested-With, Content-Type, Authorization, Date");
+                response.header("Access-Control-Allow-Methods", "POST, OPTIONS");
                await this.handleReport({ request, response, roomId: request.params.room_id, eventId: request.params.event_id })
            });
            console.log(`Configuring ${API_PREFIX}/report/:room_id/:event_id... DONE`);