author | zeripath <art27@cantab.net> | 2021-08-04 20:56:49 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-08-04 21:56:49 +0200 |
commit | 19e2c6a302cc691ab0acbc464650bb57add41d0b (patch) | |
tree | 021cb9703dddd6a42c3d782a116d64c958a3a41a | |
parent | 7c4172ef71a0805f16b8bd89188bb1b4d3e33f9b (diff) | |
Set AllowedHeaders on API CORS handler (#16524)
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.
Fix #16100
Signed-off-by: Andrew Thornton <art27@cantab.net>
-rw-r--r-- | routers/api/v1/api.go | 1 | ||||
-rw-r--r-- | routers/api/v1/repo/pull.go | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index b1933366f0..b2202254da 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -569,6 +569,7 @@ func Routes() *web.Route {
 //setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
 AllowedMethods: setting.CORSConfig.Methods,
 AllowCredentials: setting.CORSConfig.AllowCredentials,
+ AllowedHeaders: []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"},
 MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
 }))
 }
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index ba47c3eb8e..3ae7b2683e 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -1254,5 +1254,6 @@ func GetPullRequestCommits(ctx *context.APIContext) {
 ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", totalNumberOfCommits))
 ctx.Header().Set("X-PageCount", strconv.Itoa(totalNumberOfPages))
 ctx.Header().Set("X-HasMore", strconv.FormatBool(listOptions.Page < totalNumberOfPages))
+ ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, X-PerPage, X-Total, X-PageCount, X-HasMore, Link")
 ctx.JSON(http.StatusOK, &apiCommits)
 }
|
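Review bot: The new `AllowedHeaders` list in the CORS options of `Routes()` is a hard-coded literal, while the neighbouring fields (`AllowedMethods`, `AllowCredentials`, `MaxAge`) are read from `setting.CORSConfig`, and it omits `Content-Type`. If the CORS middleware treats an explicit list as replacing its built-in defaults (not visible here, worth confirming), a browser preflight for a JSON request body would be refused, and the line would need to read `AllowedHeaders: []string{"Authorization", "Content-Type", "X-CSRFToken", "X-Gitea-OTP"},`. Because `Authorization`, `X-CSRFToken` and `X-Gitea-OTP` carry authentication or anti-forgery material, a comment such as `// Auth-bearing headers: acceptable only while the configured origin list is restrictive` above the field would record that the origin allow-list is the sole gate. The body of `Routes()` begins outside this hunk and appears to continue past it.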
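Review bot: The `Access-Control-Expose-Headers` value added in `GetPullRequestCommits` is a hand-written string that does not line up with the headers set in the visible lines: it names `X-Total`, `X-PerPage` and `Link`, none of which is set in this hunk, while the visible setters are `X-Total-Count`, `X-PageCount` and `X-HasMore`. Headers set above the hunk cannot be checked from here, so anything set there but not listed would stay unreadable to cross-origin scripts. A comment such as `// Must list every pagination header set above; unlisted ones are hidden from cross-origin callers` would help keep the two in sync, or the names could come from one shared constant used by all paginated endpoints. `GetPullRequestCommits` begins outside this hunk.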