diff --git a/routers/web/web.go b/routers/web/web.go index 7a47f479c0da3..31a14743d8a36 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -60,6 +60,7 @@ func CorsHandler() func(next http.Handler) http.Handler { AllowedOrigins: setting.CORSConfig.AllowDomain, //setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option AllowedMethods: setting.CORSConfig.Methods, + AllowedHeaders: []string{"*"}, AllowCredentials: setting.CORSConfig.AllowCredentials, MaxAge: int(setting.CORSConfig.MaxAge.Seconds()), }) @@ -146,6 +147,23 @@ func Routes() *web.Route { routes.Get("/metrics", append(common, Metrics)...) } + ///* + if setting.CORSConfig.Enabled { + corsHandle := cors.Handler(cors.Options{ + //Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option + AllowedOrigins: setting.CORSConfig.AllowDomain, + //setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option + AllowedMethods: setting.CORSConfig.Methods, + AllowedHeaders: []string{"*"}, + // OptionsPassthrough: true, + Debug: true, + AllowCredentials: setting.CORSConfig.AllowCredentials, + MaxAge: int(setting.CORSConfig.MaxAge.Seconds()), + }) + common = append(common, corsHandle) + } + //*/ + // Removed: toolbox.Toolboxer middleware will provide debug information which seems unnecessary common = append(common, context.Contexter()) @@ -752,7 +770,7 @@ func RegisterRoutes(m *web.Route) { m.Post("/delete", repo.DeleteMilestone) }, context.RepoMustNotBeArchived(), reqRepoIssuesOrPullsWriter, context.RepoRef()) m.Group("/pull", func() { - m.Post("/{index}/target_branch", repo.UpdatePullRequestTarget) + m.Post("/{index}/target_branch", CorsHandler(), repo.UpdatePullRequestTarget) }, context.RepoMustNotBeArchived()) m.Group("", func() { @@ -1006,17 +1024,17 @@ func RegisterRoutes(m *web.Route) { }, ignSignInAndCsrf, lfsServerEnabled) m.Group("", func() { - m.Post("/git-upload-pack", repo.ServiceUploadPack) - m.Post("/git-receive-pack", repo.ServiceReceivePack) - m.Get("/info/refs", repo.GetInfoRefs) - m.Get("/HEAD", repo.GetTextFile("HEAD")) - m.Get("/objects/info/alternates", repo.GetTextFile("objects/info/alternates")) - m.Get("/objects/info/http-alternates", repo.GetTextFile("objects/info/http-alternates")) - m.Get("/objects/info/packs", repo.GetInfoPacks) - m.Get("/objects/info/{file:[^/]*}", repo.GetTextFile("")) - m.Get("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject) - m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile) - m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile) + m.Post("/git-upload-pack", CorsHandler(), repo.ServiceUploadPack) + m.Post("/git-receive-pack", CorsHandler(), repo.ServiceReceivePack) + m.Get("/info/refs", CorsHandler(), repo.GetInfoRefs) + m.Get("/HEAD", CorsHandler(), repo.GetTextFile("HEAD")) + m.Get("/objects/info/alternates", CorsHandler(), repo.GetTextFile("objects/info/alternates")) + m.Get("/objects/info/http-alternates", CorsHandler(), repo.GetTextFile("objects/info/http-alternates")) + m.Get("/objects/info/packs", CorsHandler(), repo.GetInfoPacks) + m.Get("/objects/info/{file:[^/]*}", CorsHandler(), repo.GetTextFile("")) + m.Get("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", CorsHandler(), repo.GetLooseObject) + m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", CorsHandler(), repo.GetPackFile) + m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", CorsHandler(), repo.GetIdxFile) }, ignSignInAndCsrf) m.Head("/tasks/trigger", repo.TriggerTask)