mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-23 02:22:36 +00:00 
			
		
		
		
	The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
		
			
				
	
	
		
			34 lines
		
	
	
	
		
			973 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			34 lines
		
	
	
	
		
			973 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package setting
 | |
| 
 | |
| import (
 | |
| 	"time"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| )
 | |
| 
 | |
| // CORSConfig defines CORS settings
 | |
| var CORSConfig = struct {
 | |
| 	Enabled          bool
 | |
| 	AllowDomain      []string // FIXME: this option is from legacy code, it actually works as "AllowedOrigins". When refactoring in the future, the config option should also be renamed together.
 | |
| 	Methods          []string
 | |
| 	MaxAge           time.Duration
 | |
| 	AllowCredentials bool
 | |
| 	Headers          []string
 | |
| 	XFrameOptions    string
 | |
| }{
 | |
| 	AllowDomain:   []string{"*"},
 | |
| 	Methods:       []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
 | |
| 	Headers:       []string{"Content-Type", "User-Agent"},
 | |
| 	MaxAge:        10 * time.Minute,
 | |
| 	XFrameOptions: "SAMEORIGIN",
 | |
| }
 | |
| 
 | |
| func loadCorsFrom(rootCfg ConfigProvider) {
 | |
| 	mustMapSetting(rootCfg, "cors", &CORSConfig)
 | |
| 	if CORSConfig.Enabled {
 | |
| 		log.Info("CORS Service Enabled")
 | |
| 	}
 | |
| }
 |