forgejo/modules/setting/cors.go
Drew Noel 2cbea23d70
Add configuration for CORS allowed headers (#21747)
This PR enhances the CORS middleware usage by allowing for the headers
to be configured in `app.ini`.

Fixes #21746

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-11 14:39:27 +08:00

40 lines
900 B
Go

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package setting
import (
"time"
"code.gitea.io/gitea/modules/log"
)
// CORSConfig defines CORS settings
var CORSConfig = struct {
Enabled bool
Scheme string
AllowDomain []string
AllowSubdomain bool
Methods []string
MaxAge time.Duration
AllowCredentials bool
Headers []string
XFrameOptions string
}{
Enabled: false,
MaxAge: 10 * time.Minute,
Headers: []string{"Content-Type", "User-Agent"},
XFrameOptions: "SAMEORIGIN",
}
func newCORSService() {
sec := Cfg.Section("cors")
if err := sec.MapTo(&CORSConfig); err != nil {
log.Fatal("Failed to map cors settings: %v", err)
}
if CORSConfig.Enabled {
log.Info("CORS Service Enabled")
}
}