forked from forgejo/forgejo
Backport #28587, the only conflict is the test file.
The CORS code has been unmaintained for long time, and the behavior is
not correct.
This PR tries to improve it. The key point is written as comment in
code. And add more tests.
Fix #28515
Fix #27642
Fix #17098
(cherry picked from commit 7a2786ca6c)
This commit is contained in:
wxiaoguang
Earl Warren
parent
0b872a403d
commit
265cd70bdb
11 changed files with 131 additions and 78 deletions
|
|
@ -196,9 +196,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
|
|||
## CORS (`cors`)
|
||||
|
||||
- `ENABLED`: **false**: enable cors headers (disabled by default)
|
||||
- `SCHEME`: **http**: scheme of allowed requests
|
||||
- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
|
||||
- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
|
||||
- `ALLOW_DOMAIN`: **\***: list of requesting origins that are allowed, eg: "https://*.example.com"
|
||||
- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
|
||||
- `MAX_AGE`: **10m**: max time to cache response
|
||||
- `ALLOW_CREDENTIALS`: **false**: allow request with credentials
|
||||
|
|
|
|||
|
|
@ -195,9 +195,7 @@ menu:
|
|||
## 跨域 (`cors`)
|
||||
|
||||
- `ENABLED`: **false**: 启用 CORS 头部(默认禁用)
|
||||
- `SCHEME`: **http**: 允许请求的协议
|
||||
- `ALLOW_DOMAIN`: **\***: 允许请求的域名列表
|
||||
- `ALLOW_SUBDOMAIN`: **false**: 允许上述列出的头部的子域名发出请求。
|
||||
- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: 允许发起的请求方式列表
|
||||
- `MAX_AGE`: **10m**: 缓存响应的最大时间
|
||||
- `ALLOW_CREDENTIALS`: **false**: 允许带有凭据的请求
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue