domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Set AllowedHeaders on API CORS handler (#16524)

Browse source 
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.

Fix #16100

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath 2021-08-04 20:56:49 +01:00 committed by GitHub
parent 7c4172ef71
commit 19e2c6a302
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
routers/api/v1/api.go
View file

@ -569,6 +569,7 @@ func Routes() *web.Route {
//setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
AllowedMethods: setting.CORSConfig.Methods,
AllowCredentials: setting.CORSConfig.AllowCredentials,
AllowedHeaders: []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"},
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
}))
}