Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" #25974

Merged
merged 11 commits into from Jul 21, 2023

Contributor

@wxiaoguang wxiaoguang commented Jul 19, 2023

Replace #25892

Close #21942
Close #25464

Major changes:

  1. Serve "robots.txt" and ".well-known/security.txt" in the "public" custom path
    • All files in "public/.well-known" can be served, just like "public/assets"
  2. Add a test for ".well-known/security.txt"
  3. Simplify the "FileHandlerFunc" logic, now the paths are consistent so the code can be simpler
  4. Add CORS header for ".well-known" endpoints
  5. Add logs to tell users they should move some of their legacy custom public files:

    2023/07/19 13:00:37 cmd/web.go:178:serveInstalled() [E] Found legacy public asset "img" in CustomPath. Please move it to /work/gitea/custom/public/assets/img
    2023/07/19 13:00:37 cmd/web.go:182:serveInstalled() [E] Found legacy public asset "robots.txt" in CustomPath. Please move it to /work/gitea/custom/public/robots.txt

This PR is not breaking.
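
The behaviour listed in the description above, sketched as an added example that is not code from this PR or from Gitea: a handler that serves only the pre-defined entries of a "public" directory and sets a CORS header on ".well-known" responses. The name `PublicHandler`, the listen address, the `custom/public` path in `main` and the wildcard `Access-Control-Allow-Origin` value are assumptions.

```go
package main

import (
	"net/http"
	"os"
	"path"
	"path/filepath"
	"strings"
)

// servable reports whether a cleaned, rooted URL path is one of the
// pre-defined public entries named in the PR description.
func servable(p string) bool {
	return p == "/robots.txt" || strings.HasPrefix(p, "/assets/") ||
		strings.HasPrefix(p, "/.well-known/")
}

// PublicHandler (hypothetical name) serves only servable files under publicDir.
func PublicHandler(publicDir string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// Cleaning a rooted path resolves ".." before the allowlist check,
		// so "/assets/../app.ini" is judged as "/app.ini" and refused.
		p := path.Clean("/" + r.URL.Path)
		if (r.Method != http.MethodGet && r.Method != http.MethodHead) || !servable(p) {
			http.NotFound(w, r)
			return
		}
		f, err := os.Open(filepath.Join(publicDir, filepath.FromSlash(p)))
		if err != nil {
			http.NotFound(w, r)
			return
		}
		defer f.Close()
		fi, err := f.Stat()
		if err != nil || !fi.Mode().IsRegular() {
			http.NotFound(w, r) // directories are never listed
			return
		}
		if strings.HasPrefix(p, "/.well-known/") {
			// Assumed policy: static, credential-free metadata, readable from any origin.
			w.Header().Set("Access-Control-Allow-Origin", "*")
		}
		http.ServeContent(w, r, fi.Name(), fi.ModTime(), f)
	})
}

func main() { // assumed layout: ./custom/public exists in the working directory
	panic(http.ListenAndServe("127.0.0.1:3000", PublicHandler("custom/public")))
}
```

The wildcard origin is only reasonable because these responses are static and carry no credentials; `os.Open` follows symlinks, so the directory itself must be trusted.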

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 19, 2023
@pull-request-size pull-request-size bot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Jul 19, 2023
@wxiaoguang wxiaoguang added the type/feature Completely new functionality. Can only be merged if feature freeze is not active. label Jul 19, 2023
@wxiaoguang wxiaoguang added this to the 1.21.0 milestone Jul 19, 2023
@wxiaoguang wxiaoguang force-pushed the serve-public branch 2 times, most recently from 92f8994 to 94f62c8 Compare July 19, 2023 05:14
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jul 19, 2023
Co-authored-by: silverwind <me@silverwind.io>
@wxiaoguang wxiaoguang changed the title Add "security.txt" support, add CORS header for ".well-known" Serve files in "public/.well-known", add "security.txt" support, add CORS header for ".well-known" Jul 19, 2023
@wxiaoguang wxiaoguang changed the title Serve files in "public/.well-known", add "security.txt" support, add CORS header for ".well-known" Serve files in "public/.well-known", add "security.txt", add CORS header for ".well-known" Jul 19, 2023
@wxiaoguang wxiaoguang changed the title Serve files in "public/.well-known", add "security.txt", add CORS header for ".well-known" Serve some files in "public", add "security.txt", add CORS header for ".well-known" Jul 19, 2023
@wxiaoguang wxiaoguang changed the title Serve some files in "public", add "security.txt", add CORS header for ".well-known" Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" Jul 19, 2023
# Conflicts:
#	routers/install/routes.go
#	routers/web/web.go
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jul 21, 2023
@lunny lunny added the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 21, 2023
@silverwind silverwind enabled auto-merge (squash) July 21, 2023 10:23
@silverwind silverwind merged commit 52fb936 into go-gitea:main Jul 21, 2023
24 checks passed
@GiteaBot GiteaBot removed the reviewed/wait-merge This pull request is part of the merge queue. It will be merged soon. label Jul 21, 2023
@wxiaoguang wxiaoguang deleted the serve-public branch July 21, 2023 12:20
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Oct 19, 2023
Successfully merging this pull request may close these issues.

  • OAuth2 provider and CORS
  • Add well-known security.txt