-
-
Notifications
You must be signed in to change notification settings - Fork 5.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Handle CORS requests #6289
Merged
Merged
Handle CORS requests #6289
Changes from 24 commits
Commits
Show all changes
30 commits
Select commit
Hold shift + click to select a range
e35c3a3
Handle CORS requests
tamalsaha aa8b18b
Merge remote-tracking branch 'upstream/master' into cors-pr
techknowlogick 1b7326a
add vendor
techknowlogick 0e20860
add docs
techknowlogick cdcc350
use time.Duration
techknowlogick 1e9267f
follow struct
techknowlogick f98e157
cast to int
techknowlogick 4e355d7
sample tests
techknowlogick 941cbeb
update tests
techknowlogick 77ed706
disable cors for disabled cors test
techknowlogick d21cafa
make fmt
techknowlogick 34811f7
make session
techknowlogick ffd17b1
change func
techknowlogick 30c74e3
map
techknowlogick a1fd528
blank
techknowlogick 747d397
func
techknowlogick c2d32bb
set default to true
techknowlogick 9caf3ee
refactor
techknowlogick 095e52c
disable by default
techknowlogick beba88f
make fmt
techknowlogick ab866c3
refactor
techknowlogick 035c36f
appropriate log message
techknowlogick a3633f2
remove not needed lib
techknowlogick 7cd4f34
better name of func
techknowlogick c995452
Merge branch 'master' into cors-pr
techknowlogick aee5375
Update go.mod
techknowlogick b369256
go get
techknowlogick 4525788
Merge branch 'master' into cors-pr
techknowlogick e3d5742
Merge branch 'master' into cors-pr
lunny 0c56e5f
Merge remote-tracking branch 'upstream/master' into cors-pr
tamalsaha File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
// Copyright 2019 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package integrations | ||
|
||
import ( | ||
"net/http" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
) | ||
|
||
func TestCORSNotSet(t *testing.T) { | ||
prepareTestEnv(t) | ||
req := NewRequestf(t, "GET", "/api/v1/version") | ||
session := loginUser(t, "user2") | ||
resp := session.MakeRequest(t, req, http.StatusOK) | ||
assert.Equal(t, resp.Code, http.StatusOK) | ||
corsHeader := resp.Header().Get("Access-Control-Allow-Origin") | ||
assert.Equal(t, corsHeader, "", "Access-Control-Allow-Origin: generated header should match") // header not set | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
// Copyright 2019 The Gitea Authors. All rights reserved. | ||
// Use of this source code is governed by a MIT-style | ||
// license that can be found in the LICENSE file. | ||
|
||
package setting | ||
|
||
import ( | ||
"time" | ||
|
||
"code.gitea.io/gitea/modules/log" | ||
|
||
"github.com/go-macaron/cors" | ||
) | ||
|
||
var ( | ||
// CORSConfig defines CORS settings | ||
CORSConfig cors.Options | ||
// EnableCORS defines whether CORS settings is enabled or not | ||
EnableCORS bool | ||
lafriks marked this conversation as resolved.
Show resolved
Hide resolved
|
||
) | ||
|
||
func newCORSService() { | ||
sec := Cfg.Section("cors") | ||
// Check cors setting. | ||
EnableCORS = sec.Key("ENABLED").MustBool(false) | ||
|
||
maxAge := sec.Key("MAX_AGE").MustDuration(10 * time.Minute) | ||
|
||
CORSConfig = cors.Options{ | ||
Scheme: sec.Key("SCHEME").String(), | ||
techknowlogick marked this conversation as resolved.
Show resolved
Hide resolved
|
||
AllowDomain: sec.Key("ALLOW_DOMAIN").String(), | ||
AllowSubdomain: sec.Key("ALLOW_SUBDOMAIN").MustBool(), | ||
Methods: sec.Key("METHODS").Strings(","), | ||
MaxAgeSeconds: int(maxAge.Seconds()), | ||
AllowCredentials: sec.Key("ALLOW_CREDENTIALS").MustBool(), | ||
} | ||
|
||
if EnableCORS { | ||
log.Info("CORS Service Enabled") | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is this replace needed? https://github.com/go-macaron/cors is up-todate with github.com/tamalsaha/cors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See: go-macaron/cors#1
it fails otherwise
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@techknowlogick , I just updated go-macaron/cors@6fd6a9b . Please revendor . This should be fixed.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for fix 😄