mirror of
				https://github.com/go-gitea/gitea
				synced 2025-10-26 08:58:24 +00:00 
			
		
		
		
	This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
		
			
				
	
	
		
			41 lines
		
	
	
		
			900 B
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			41 lines
		
	
	
		
			900 B
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2019 The Gitea Authors. All rights reserved.
 | |
| // Use of this source code is governed by a MIT-style
 | |
| // license that can be found in the LICENSE file.
 | |
| 
 | |
| package setting
 | |
| 
 | |
| import (
 | |
| 	"time"
 | |
| 
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| )
 | |
| 
 | |
| // CORSConfig defines CORS settings
 | |
| var CORSConfig = struct {
 | |
| 	Enabled          bool
 | |
| 	Scheme           string
 | |
| 	AllowDomain      []string
 | |
| 	AllowSubdomain   bool
 | |
| 	Methods          []string
 | |
| 	MaxAge           time.Duration
 | |
| 	AllowCredentials bool
 | |
| 	Headers          []string
 | |
| 	XFrameOptions    string
 | |
| }{
 | |
| 	Enabled:       false,
 | |
| 	MaxAge:        10 * time.Minute,
 | |
| 	Headers:       []string{"Content-Type", "User-Agent"},
 | |
| 	XFrameOptions: "SAMEORIGIN",
 | |
| }
 | |
| 
 | |
| func newCORSService() {
 | |
| 	sec := Cfg.Section("cors")
 | |
| 	if err := sec.MapTo(&CORSConfig); err != nil {
 | |
| 		log.Fatal("Failed to map cors settings: %v", err)
 | |
| 	}
 | |
| 
 | |
| 	if CORSConfig.Enabled {
 | |
| 		log.Info("CORS Service Enabled")
 | |
| 	}
 | |
| }
 |