Fix compatibility issues

- CORS OPTIONS requests may not ask for credentials - Fever apparently didn't care about supplied Content-Type
3 years ago · f90b78a976
3 changed files with 10 additions and 13 deletions
--- a/lib/REST/Fever/API.php
+++ b/lib/REST/Fever/API.php
@ -72,9 +72,6 @@ class API extends \JKingWeb\Arsse\REST\AbstractHandler {
                ]);
            case "GET": // HTTP violation required for client "Unread" on iOS
            case "POST":
-                if (!HTTP::matchType($req, "", ...self::ACCEPTED_TYPES)) {
-                    return new EmptyResponse(415, ['Accept' => implode(", ", self::ACCEPTED_TYPES)]);
-                }
                $out = [
                    'api_version' => self::LEVEL,
                    'auth'        => 0,
--- a/lib/REST/Miniflux/V1.php
+++ b/lib/REST/Miniflux/V1.php
@ -236,10 +236,6 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler {
    }

    public function dispatch(ServerRequestInterface $req): ResponseInterface {
-        // try to authenticate
-        if (!$this->authenticate($req)) {
-            return new ErrorResponse("401", 401);
-        }
        // get the request path only; this is assumed to already be normalized
        $target = parse_url($req->getRequestTarget(), \PHP_URL_PATH) ?? "";
        $method = $req->getMethod();
@ -247,6 +243,10 @@ class V1 extends \JKingWeb\Arsse\REST\AbstractHandler {
        if ($method === "OPTIONS") {
            return $this->handleHTTPOptions($target);
        }
+        // try to authenticate
+        if (!$this->authenticate($req)) {
+            return new ErrorResponse("401", 401);
+        }
        $func = $this->chooseCall($target, $method);
        if ($func instanceof ResponseInterface) {
            return $func;
--- a/lib/REST/NextcloudNews/V1_2.php
+++ b/lib/REST/NextcloudNews/V1_2.php
@ -76,18 +76,18 @@ class V1_2 extends \JKingWeb\Arsse\REST\AbstractHandler {
    }

    public function dispatch(ServerRequestInterface $req): ResponseInterface {
-        // try to authenticate
-        if ($req->getAttribute("authenticated", false)) {
-            Arsse::$user->id = $req->getAttribute("authenticatedUser");
-        } else {
-            return new EmptyResponse(401);
-        }
        // get the request path only; this is assumed to already be normalized
        $target = parse_url($req->getRequestTarget())['path'] ?? "";
        // handle HTTP OPTIONS requests
        if ($req->getMethod() === "OPTIONS") {
            return $this->handleHTTPOptions($target);
        }
+        // try to authenticate
+        if ($req->getAttribute("authenticated", false)) {
+            Arsse::$user->id = $req->getAttribute("authenticatedUser");
+        } else {
+            return new EmptyResponse(401);
+        }
        // normalize the input
        $data = (string) $req->getBody();
        if ($data) {