diff options
| author | Giteabot <teabot@gitea.io> | 2023-11-23 22:27:00 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2023-11-23 22:27:00 +0800 |
| commit | 23838c2c2eaf596bffd5331406be99edc264883c (patch) | |
| tree | 45da95b932a5fc12b94a300408007d85e6679d15 | |
| parent | f9763f136629bc440a77e7bc96371a8531b38fa5 (diff) | |
| download | gitea-23838c2c2eaf596bffd5331406be99edc264883c.tar.gz gitea-23838c2c2eaf596bffd5331406be99edc264883c.zip | |
Make CORS work for oauth2 handlers (#28184) (#28185)
Backport #28184
Fix #25473
Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
| -rw-r--r-- | modules/web/route.go | 4 | ||||
| -rw-r--r-- | routers/web/misc/misc.go | 4 | ||||
| -rw-r--r-- | routers/web/web.go | 2 |
3 files changed, 10 insertions, 0 deletions
diff --git a/modules/web/route.go b/modules/web/route.go index c24c8f4d67..86b83dd723 100644 --- a/modules/web/route.go +++ b/modules/web/route.go @@ -136,6 +136,10 @@ func (r *Route) Get(pattern string, h ...any) { r.Methods("GET", pattern, h...) } +func (r *Route) Options(pattern string, h ...any) { + r.Methods("OPTIONS", pattern, h...) +} + // GetOptions delegate get and options method func (r *Route) GetOptions(pattern string, h ...any) { r.Methods("GET,OPTIONS", pattern, h...) diff --git a/routers/web/misc/misc.go b/routers/web/misc/misc.go index 54c93763f6..e351994010 100644 --- a/routers/web/misc/misc.go +++ b/routers/web/misc/misc.go @@ -33,6 +33,10 @@ func DummyOK(w http.ResponseWriter, req *http.Request) { w.WriteHeader(http.StatusOK) } +func DummyBadRequest(w http.ResponseWriter, req *http.Request) { + w.WriteHeader(http.StatusBadRequest) +} + func RobotsTxt(w http.ResponseWriter, req *http.Request) { robotsTxt := util.FilePathJoinAbs(setting.CustomPath, "public/robots.txt") if ok, _ := util.IsExist(robotsTxt); !ok { diff --git a/routers/web/web.go b/routers/web/web.go index a1be5cbbc2..599a7d357a 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -532,8 +532,10 @@ func registerRoutes(m *web.Route) { m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth) }, ignSignInAndCsrf, reqSignIn) m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth) + m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth) m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys) + m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest) m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth) m.Group("/user/settings", func() { |