Creates an OPTIONS handler that handles any OPTIONS requests that are
not already handled by a handler. CORS has no mechanism to ensure the
user is authenticated, so the Router will reject cross-origin requests
from anon users.
This change allows authenticated users to make cross-origin
requests if they authenticate with OAuth or if
$wgRestAllowCrossOriginCookieAuth is enabled.
Bug: T232176
Bug: T262712
Change-Id: I128b4bdbec4f6bea35142153c951fd7b79617106
* Added ConditionalHeaderUtil, a conditional request helper class meant
for composition into Handler. I evaluated the composer package
micheh/psr7-cache for this role but I decided that I prefer DIY
code rather than some rather ugly glue.
* Check conditional request headers prior to entry into
Handler::execute(). Contrary to what was previously documented, use
the results of getLastModified() and getETag() to set headers in the
response. This is convenient and can be overridden in the Handler if
desired by overriding a one-line function.
* Instead of locking up header parsing inside ConditionalHeaderUtil as
was done in micheh/psr7-cache, make a start on a new reusable header
parsing framework, with recursive descent parsers for HTTP-date and
IfNoneMatch.
Change-Id: I260809081cad7701df8620ab03834158670d4230
