New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

repo/http: add CORS headers to allow clone/push from browser agents #4970

merged 1 commit into from Mar 14, 2018
Jump to file or symbol
Failed to load files and symbols.
+14 −0
Diff settings


Just for now

Copy path View file
@@ -635,8 +635,10 @@ func runWeb(c *cli.Context) error {
// e.g. with or without ".git" suffix.
m.Group("/:reponame([\\d\\w-_\\.]+\\.git$)", func() {
m.Get("", ignSignIn, context.RepoAssignment(), context.RepoRef(), repo.Home)
m.Options("/*", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP)
m.Route("/*", "GET,POST", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP)
m.Options("/:reponame/*", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP)
m.Route("/:reponame/*", "GET,POST", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP)
// ***** END: Repository *****
Copy path View file
@@ -56,6 +56,18 @@ func askCredentials(c *context.Context, status int, text string) {
func HTTPContexter() macaron.Handler {
return func(c *context.Context) {
if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
// Set CORS headers for browser-based git clients
c.Resp.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
c.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
// Handle preflight OPTIONS request
if c.Req.Method == "OPTIONS" {
ownerName := c.Params(":username")
repoName := strings.TrimSuffix(c.Params(":reponame"), ".git")
repoName = strings.TrimSuffix(repoName, ".wiki")
ProTip! Use n and p to navigate between commits in a pull request.