Add CORS config on to /login/oauth/access_token endpoint (#14850)
authorzeripath <art27@cantab.net>
Thu, 4 Mar 2021 01:25:30 +0000 (01:25 +0000)
committerGitHub <noreply@github.com>
Thu, 4 Mar 2021 01:25:30 +0000 (03:25 +0200)
Fix #7204

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
routers/routes/web.go

index 0130009059f4e81a611b5e64995eca60af1cc781..22774b2cdccca288d80d7ef0582e041875d4c4e2 100644 (file)
@@ -47,6 +47,7 @@ import (
        "gitea.com/go-chi/session"
        "github.com/NYTimes/gziphandler"
        "github.com/go-chi/chi/middleware"
+       "github.com/go-chi/cors"
        "github.com/prometheus/client_golang/prometheus"
        "github.com/tstranex/u2f"
        "github.com/unknwon/com"
@@ -389,7 +390,18 @@ func RegisterRoutes(m *web.Route) {
                // TODO manage redirection
                m.Post("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
        }, ignSignInAndCsrf, reqSignIn)
-       m.Post("/login/oauth/access_token", bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
+       if setting.CORSConfig.Enabled {
+               m.Post("/login/oauth/access_token", cors.Handler(cors.Options{
+                       //Scheme:           setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
+                       AllowedOrigins: setting.CORSConfig.AllowDomain,
+                       //setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
+                       AllowedMethods:   setting.CORSConfig.Methods,
+                       AllowCredentials: setting.CORSConfig.AllowCredentials,
+                       MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
+               }), bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
+       } else {
+               m.Post("/login/oauth/access_token", bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
+       }
 
        m.Group("/user/settings", func() {
                m.Get("", userSetting.Profile)
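Review bot: The cors handler is attached only to the POST registration in the `setting.CORSConfig.Enabled` branch, so a browser's OPTIONS preflight for `/login/oauth/access_token` probably never reaches it (this depends on how `web.Route` dispatches other methods, which is not visible here), and a client that sends an `Authorization` header or a non-simple content type would still be blocked. Route OPTIONS for this path through the same handler, or at least record the gap with `// NOTE: CORS applies to POST only; OPTIONS preflight for this path is not handled`. Separately, this endpoint issues access tokens and, judging by the name `ignSignInAndCsrf`, runs without CSRF checks, so passing the global flag through deserves a second look: if the token exchange authenticates by client credentials in the request rather than by cookie, the line `AllowCredentials: setting.CORSConfig.AllowCredentials,` can be dropped for this route. The two FIXME comments mean the configured scheme and subdomain settings are silently ignored here, which should be stated where those settings are documented. RegisterRoutes starts and continues outside the hunk.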