Add configuration for CORS allowed headers (#21747)

This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2025-07-03 09:07:19 +00:00 · 2022-11-11 01:39:27 -05:00
parent fb704f6c72
commit 2cbea23d70
5 changed files with 8 additions and 1 deletions
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -67,6 +67,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
 			// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
 			AllowedMethods:   setting.CORSConfig.Methods,
 			AllowCredentials: setting.CORSConfig.AllowCredentials,
+			AllowedHeaders:   setting.CORSConfig.Headers,
 			MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
 		})
 	}