forgejo/modules/setting/cors.go

// Copyright 2019 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package setting

import (
	"time"

	"code.gitea.io/gitea/modules/log"
)

// CORSConfig defines CORS settings
var CORSConfig = struct {
	Enabled          bool
	Scheme           string
	AllowDomain      []string
	AllowSubdomain   bool
	Methods          []string
	MaxAge           time.Duration
	AllowCredentials bool
	Headers          []string
	XFrameOptions    string
}{
	AllowDomain:   []string{"*"},
	Methods:       []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
	Headers:       []string{"Content-Type", "User-Agent"},
	MaxAge:        10 * time.Minute,
	XFrameOptions: "SAMEORIGIN",
}

func loadCorsFrom(rootCfg ConfigProvider) {
	mustMapSetting(rootCfg, "cors", &CORSConfig)
	if CORSConfig.Enabled {
		log.Info("CORS Service Enabled")
	}
}
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00			`// Copyright 2019 The Gitea Authors. All rights reserved.`
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com> 2022-11-27 18:20:29 +00:00			`// SPDX-License-Identifier: MIT`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00
			`package setting`

			`import (`
			`"time"`

			`"code.gitea.io/gitea/modules/log"`
			`)`

format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`// CORSConfig defines CORS settings`
			`var CORSConfig = struct {`
			`Enabled bool`
			`Scheme string`
			`AllowDomain []string`
			`AllowSubdomain bool`
			`Methods []string`
			`MaxAge time.Duration`
			`AllowCredentials bool`
Add configuration for CORS allowed headers (#21747) This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2022-11-11 06:39:27 +00:00			`Headers []string`
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`XFrameOptions string`
			`}{`
Fix incorrect CORS default values (#24206) (#24217) Backport #24206 by @wxiaoguang Document: ``` ;ALLOW_DOMAIN = * ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS ``` Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2023-04-19 20:23:25 +00:00			`AllowDomain: []string{"*"},`
			`Methods: []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},`
Add configuration for CORS allowed headers (#21747) This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> 2022-11-11 06:39:27 +00:00			`Headers: []string{"Content-Type", "User-Agent"},`
Fix incorrect CORS default values (#24206) (#24217) Backport #24206 by @wxiaoguang Document: ``` ;ALLOW_DOMAIN = * ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS ``` Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> 2023-04-19 20:23:25 +00:00			`MaxAge: 10 * time.Minute,`
format with gofumpt (#18184) * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt 2022-01-20 17:46:10 +00:00			`XFrameOptions: "SAMEORIGIN",`
			`}`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00
Refactor the setting to make unit test easier (#22405) Some bugs caused by less unit tests in fundamental packages. This PR refactor `setting` package so that create a unit test will be easier than before. - All `LoadFromXXX` files has been splited as two functions, one is `InitProviderFromXXX` and `LoadCommonSettings`. The first functions will only include the code to create or new a ini file. The second function will load common settings. - It also renames all functions in setting from `newXXXService` to `loadXXXSetting` or `loadXXXFrom` to make the function name less confusing. - Move `XORMLog` to `SQLLog` because it's a better name for that. Maybe we should finally move these `loadXXXSetting` into the `XXXInit` function? Any idea? --------- Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: delvh <dev.lh@web.de> 2023-02-19 16:12:01 +00:00			`func loadCorsFrom(rootCfg ConfigProvider) {`
			`mustMapSetting(rootCfg, "cors", &CORSConfig)`
Movde dependents on macaron from modules/setting (#10050) Co-authored-by: Lauris BH <lauris@nix.lv> 2020-01-29 07:47:46 +00:00			`if CORSConfig.Enabled {`
Handle CORS requests (#6289) 2019-05-13 15:38:53 +00:00			`log.Info("CORS Service Enabled")`
			`}`
			`}`