From a4453ab5bc47b5a7f4a9623b26e3efb5d7d38646 Mon Sep 17 00:00:00 2001
From: flashwave
Date: Fri, 17 Jan 2025 07:13:44 +0000
Subject: [PATCH] Allow indicating index using X-Content-Index header for better CORS experience.
---
 src/Tasks/TasksRoutes.php | 23 ++++++++++++++++++++++-
 src/Uploads/UploadsViewRoutes.php | 2 +-
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/Tasks/TasksRoutes.php b/src/Tasks/TasksRoutes.php
index ef2e2c1..6e28184 100644
--- a/src/Tasks/TasksRoutes.php
+++ b/src/Tasks/TasksRoutes.php
@@ -82,7 +82,28 @@ class TasksRoutes implements RouteHandler {
 ];
 }
 
- $index = (int)$request->getParam('index', FILTER_SANITIZE_NUMBER_INT);
+ if($request->hasHeader('X-Content-Index')) {
+ if($request->hasParam('index')) {
+ $response->setStatusCode(400);
+ return [
+ 'error' => 'bad_param',
+ 'english' => 'the index query parameter may not be used at the same time as the X-Content-Index header.',
+ ];
+ }
+
+ $index = (int)filter_var($request->getHeaderLine('X-Content-Index'), FILTER_SANITIZE_NUMBER_INT);
+ } elseif($request->hasParam('index')) {
+ if($request->hasHeader('X-Content-Index')) {
+ $response->setStatusCode(400);
+ return [
+ 'error' => 'bad_param',
+ 'english' => 'the X-Content-Index header may not be used at the same time as the index query parameter.',
+ ];
+ }
+
+ $index = (int)$request->getParam('index', FILTER_SANITIZE_NUMBER_INT);
+ } else $index = 0;
+
 if($index < 0) {
 $response->setStatusCode(400);
 return [
diff --git a/src/Uploads/UploadsViewRoutes.php b/src/Uploads/UploadsViewRoutes.php
index 53d0cd4..7150168 100644
--- a/src/Uploads/UploadsViewRoutes.php
+++ b/src/Uploads/UploadsViewRoutes.php
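Review bot: The new header path in src/Tasks/TasksRoutes.php sanitises the value instead of validating it: `FILTER_SANITIZE_NUMBER_INT` only strips characters other than digits, `+` and `-`, so a malformed `X-Content-Index` such as `1x2` (constructed example) is read as 12 rather than rejected. Validating would turn that into a 400, e.g. `$index = filter_var($request->getHeaderLine('X-Content-Index'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);` followed by an `if($index === false)` branch returning `bad_param`. The `index` query parameter is passed the same filter through `getParam`, so it presumably shares the leniency. Separately, the `hasHeader('X-Content-Index')` check inside the `elseif` branch is unreachable, because the first `if` already handles every request that carries the header. The enclosing method starts and ends outside the hunk, so any upper bound on `$index` is not visible here.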
@@ -28,7 +28,7 @@ class UploadsViewRoutes implements RouteHandler {
 #[HttpOptions('/([A-Za-z0-9]+|[A-Za-z0-9\-_]{32})(?:-([a-z0-9]+))?(?:\.([A-Za-z0-9\-_]+))?')]
 public function optionsUpload($response, $request, string $uploadId, string $variant = '', string $extension = ''): int {
 if($this->isApiDomain && $variant === '') {
- $response->setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type, Content-Length');
+ $response->setHeader('Access-Control-Allow-Headers', 'Authorization, Content-Type, Content-Length, X-Content-Index');
 $response->setHeader('Access-Control-Allow-Methods', 'HEAD, GET, PUT, DELETE');
 $response->setHeader('Access-Control-Max-Age', '300');
 } else {
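Review bot: The header is added to the preflight allow-list in `optionsUpload`, but the code that reads `X-Content-Index` in this commit is in src/Tasks/TasksRoutes.php. If the tasks routes answer their own OPTIONS requests, that allow-list needs the header as well; this cannot be confirmed from the hunk. A short comment above the `setHeader` call would help keep the two in step, e.g. `// must list every request header the API handlers read (X-Content-Index: TasksRoutes)`. `optionsUpload` continues past the end of the hunk.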