port cors

docs/NEWS

@@ -1,6 +1,11 @@
 Version 2.1 ()
 ------------------------------------------------------------------------
 
+    * Add new config variable $serendipity['cors'] to allow to set
+      Access-Control-Allow-Origin: * headers for sensible places
+      (RSS feeds), to i.e. allow JavaScript's XMLHTTPRequest to read
+      those feeds.
+
     * Introduce a section with modern recommended themes in the
       themes backend menu. Themes can be included there by setting
       Recommended: Yes in their info.txt

rss.php

@@ -9,6 +9,10 @@ session_cache_limiter('public');
 include('serendipity_config.inc.php');
 include(S9Y_INCLUDE_PATH . 'include/functions_rss.inc.php');
 
+if ($serendipity['cors']) {
+    header('Access-Control-Allow-Origin: *'); // Allow RSS feeds to be read by javascript
+}
+
 $version     = $_GET['version'];
 $description = $serendipity['blogDescription'];
 $title       = $serendipity['blogTitle'];

serendipity_config.inc.php

@@ -86,6 +86,9 @@ $serendipity['max_fetch_limit'] = 50;
 // How many bytes are allowed for fetching trackbacks, so that no binary files get accidently trackbacked?
 $serendipity['trackback_filelimit'] = 150 * 1024;
 
+// Allow "Access-Controll-Allow-Origin: *" to be used in sensible locations (RSS feed)
+$serendipity['cors'] = false;
+
 if (!isset($serendipity['fetchLimit'])) {
     $serendipity['fetchLimit'] = 15;
 }