Make CORS work for oauth2 handlers (#28184)

author wxiaoguang <wxiaoguang@gmail.com>

Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)

committer GitHub <noreply@github.com>

Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)
author wxiaoguang <wxiaoguang@gmail.com>
Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)
committer GitHub <noreply@github.com>
Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)
diff --git a/modules/web/route.go b/modules/web/route.go

index c24c8f4d67f8b53af078a29b30349d6d061a3b31..86b83dd72362cec4ed1c96129b960c0c18000905 100644 (file)
--- a/modules/web/route.go
+++ b/modules/web/route.go
@@ -136,6 +136,10 @@ func (r *Route) Get(pattern string, h ...any) {
         r.Methods("GET", pattern, h...)
  }
  
+func (r *Route) Options(pattern string, h ...any) {
+       r.Methods("OPTIONS", pattern, h...)
+}
+
  // GetOptions delegate get and options method
  func (r *Route) GetOptions(pattern string, h ...any) {
         r.Methods("GET,OPTIONS", pattern, h...)
diff --git a/routers/web/misc/misc.go b/routers/web/misc/misc.go

index 54c93763f6a00bcbedaed0e344d475c47f82629d..e35199401074dc6d1283c84cc39deff424e71522 100644 (file)
--- a/routers/web/misc/misc.go
+++ b/routers/web/misc/misc.go
@@ -33,6 +33,10 @@ func DummyOK(w http.ResponseWriter, req *http.Request) {
         w.WriteHeader(http.StatusOK)
  }
  
+func DummyBadRequest(w http.ResponseWriter, req *http.Request) {
+       w.WriteHeader(http.StatusBadRequest)
+}
+
  func RobotsTxt(w http.ResponseWriter, req *http.Request) {
         robotsTxt := util.FilePathJoinAbs(setting.CustomPath, "public/robots.txt")
         if ok, _ := util.IsExist(robotsTxt); !ok {
diff --git a/routers/web/web.go b/routers/web/web.go

index f8b745fb10b551158f6d7a69d711955ae3413107..da7360f1b8690970d2a198bb8132266af965898d 100644 (file)
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -533,8 +533,10 @@ func registerRoutes(m *web.Route) {
                 m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
         }, ignSignInAndCsrf, reqSignIn)
         m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth)
+       m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest)
         m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
         m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys)
+       m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest)
         m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
  
         m.Group("/user/settings", func() {
author	wxiaoguang <wxiaoguang@gmail.com>
	Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)
committer	GitHub <noreply@github.com>
	Thu, 23 Nov 2023 13:19:26 +0000 (21:19 +0800)
modules/web/route.go		patch \| blob \| history
routers/web/misc/misc.go		patch \| blob \| history
routers/web/web.go		patch \| blob \| history