New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

CORS preflight OPTIONS request to API returns 404 #5724

Open
salcedo opened this Issue Jan 14, 2019 · 7 comments

Comments

5 participants
@salcedo
Copy link

salcedo commented Jan 14, 2019

  • Gitea version (or commit ref): 1.6.1
  • Git version: 2.20.1
  • Operating system: OpenBSD 6.4
  • Database (use [x]):
    • PostgreSQL
    • MySQL
    • MSSQL
    • SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • Yes (provide example URL)
    • No
    • Not relevant
  • Log gist:

Description

I'm working on a project that will make some requests to Gitea's API. As my project is on a different origin, my browser sends a CORS preflight (an OPTIONS request).

Gitea doesn't handle an OPTIONS request, and returns 404.

How to fix?

Works:

curl -X GET https://git.example.com/api/v1/repos/search

Returns 404:

curl -X OPTIONS https://git.example.com/api/v1/repos/search

Screenshots

@techknowlogick

This comment has been minimized.

Copy link
Member

techknowlogick commented Jan 14, 2019

Closed as duplicate of #5700

There is a PR in works to resolve this

@JuhoHeiskanen

This comment has been minimized.

Copy link

JuhoHeiskanen commented Jan 23, 2019

This issue is technically not a duplicate since #5700 deals with the git smart http protocol, not the Gitea API. Pull #5719 that closed the "duplicate" issue does not resolve this one.

@techknowlogick

This comment has been minimized.

Copy link
Member

techknowlogick commented Jan 23, 2019

Access-Control-Allow-Origin header And OPTIONS method response were implemented with that ticket the users purpose may have been for different purposes but they indeed accomplished the same goal

@JuhoHeiskanen

This comment has been minimized.

Copy link

JuhoHeiskanen commented Jan 23, 2019

As far as I can tell, the Gitea API is unaffected by that change. The change does not seem to affect the /api/v1/repos/search endpoint.

@JuhoHeiskanen

This comment has been minimized.

Copy link

JuhoHeiskanen commented Jan 23, 2019

To be more clear, the pull did not implement CORS header support for the API, but it did implement support for them in git-over-http.

@techknowlogick

This comment has been minimized.

Copy link
Member

techknowlogick commented Jan 23, 2019

That’s helpful information. Thanks :)

@FallingSnow

This comment has been minimized.

Copy link

FallingSnow commented Jan 31, 2019

It seems that Gitea doesn't add cors headers to non-option requests either. Cors headers are required on both preflight OPTION requests as well as the following intended requests.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment