forked from forgejo/forgejo
Backport #28587, the only conflict is the test file.
The CORS code has been unmaintained for long time, and the behavior is
not correct.
This PR tries to improve it. The key point is written as comment in
code. And add more tests.
Fix #28515
Fix #27642
Fix #17098
(cherry picked from commit 7a2786ca6c)
This commit is contained in:
wxiaoguang
Earl Warren
parent
0b872a403d
commit
265cd70bdb
11 changed files with 131 additions and 78 deletions
|
|
@ -12,9 +12,7 @@ import (
|
|||
// CORSConfig defines CORS settings
|
||||
var CORSConfig = struct {
|
||||
Enabled bool
|
||||
Scheme string
|
||||
AllowDomain []string
|
||||
AllowSubdomain bool
|
||||
AllowDomain []string // FIXME: this option is from legacy code, it actually works as "AllowedOrigins". When refactoring in the future, the config option should also be renamed together.
|
||||
Methods []string
|
||||
MaxAge time.Duration
|
||||
AllowCredentials bool
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue