gitea/modules/setting/cors.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import (
	"time"

	"code.gitea.io/gitea/modules/log"
)

// CORSConfig defines CORS settings
var CORSConfig = struct {
	Enabled          bool
	AllowDomain      []string // FIXME: this option is from legacy code, it actually works as "AllowedOrigins". When refactoring in the future, the config option should also be renamed together.
	Methods          []string
	MaxAge           time.Duration
	AllowCredentials bool
	Headers          []string
	XFrameOptions    string
}{
	AllowDomain:   []string{"*"},
	Methods:       []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
	Headers:       []string{"Content-Type", "User-Agent"},
	MaxAge:        10 * time.Minute,
	XFrameOptions: "SAMEORIGIN",
}

func loadCorsFrom(rootCfg ConfigProvider) {
	mustMapSetting(rootCfg, "cors", &CORSConfig)
	if CORSConfig.Enabled {
		log.Info("CORS Service Enabled")
	}
}
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 18:20:29 +00:00			`// SPDX-License-Identifier: MIT`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00
			`package setting`

			`import (`
			`"time"`

			`"code.gitea.io/gitea/modules/log"`
			`)`

format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`// CORSConfig defines CORS settings`
			`var CORSConfig = struct {`
			`Enabled bool`
Refactor CORS handler (#28587) The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098 2023-12-25 12:13:18 +00:00			`AllowDomain []string // FIXME: this option is from legacy code, it actually works as "AllowedOrigins". When refactoring in the future, the config option should also be renamed together.`
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`Methods []string`
			`MaxAge time.Duration`
			`AllowCredentials bool`
Add configuration for CORS allowed headers (#21747) This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2022-11-11 06:39:27 +00:00			`Headers []string`
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`XFrameOptions string`
			`}{`
Fix incorrect CORS default values (#24206) Document: ``` ;ALLOW_DOMAIN = * ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS ``` Co-authored-by: Giteabot <teabot@gitea.io> 2023-04-19 19:30:10 +00:00			`AllowDomain: []string{"*"},`
			`Methods: []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},`
Add configuration for CORS allowed headers (#21747) This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2022-11-11 06:39:27 +00:00			`Headers: []string{"Content-Type", "User-Agent"},`
Fix incorrect CORS default values (#24206) Document: ``` ;ALLOW_DOMAIN = * ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS ``` Co-authored-by: Giteabot <teabot@gitea.io> 2023-04-19 19:30:10 +00:00			`MaxAge: 10 * time.Minute,`
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`XFrameOptions: "SAMEORIGIN",`
			`}`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00
Refactor the setting to make unit test easier (#22405) Some bugs caused by less unit tests in fundamental packages. This PR refactor `setting` package so that create a unit test will be easier than before. - All `LoadFromXXX` files has been splited as two functions, one is `InitProviderFromXXX` and `LoadCommonSettings`. The first functions will only include the code to create or new a ini file. The second function will load common settings. - It also renames all functions in setting from `newXXXService` to `loadXXXSetting` or `loadXXXFrom` to make the function name less confusing. - Move `XORMLog` to `SQLLog` because it's a better name for that. Maybe we should finally move these `loadXXXSetting` into the `XXXInit` function? Any idea? --------- Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: delvh <dev.lh@web.de> 2023-02-19 16:12:01 +00:00			`func loadCorsFrom(rootCfg ConfigProvider) {`
			`mustMapSetting(rootCfg, "cors", &CORSConfig)`
Movde dependents on macaron from modules/setting (#10050) Co-authored-by: Lauris BH <lauris@nix.lv> 2020-01-29 07:47:46 +00:00			`if CORSConfig.Enabled {`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00			`log.Info("CORS Service Enabled")`
			`}`
			`}`