Refactor CORS handler (#28587)

The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
author: wxiaoguang <wxiaoguang@gmail.com> 2023-12-25 20:13:18 +0800
committer: GitHub <noreply@github.com> 2023-12-25 20:13:18 +0800
commit: b41925cee3d67a1fe546c7a219174e4a8b2302b7 (patch)
tree: c5d40048ba59379dc62821a19ecb4257499a6ee6 /custom/conf
parent: d0f24ff4cad05c1145afeca791e7d02fe146d46a (diff)
download: gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.tar.gz
gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.zip
1 files changed, 1 insertions, 7 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index f9111d541c..0fcf895b5a 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1158,15 +1158,9 @@ LEVEL = Info
 ;; enable cors headers (disabled by default)
 ;ENABLED = false
 ;;
-;; scheme of allowed requests
-;SCHEME = http
-;;
-;; list of requesting domains that are allowed
+;; list of requesting origins that are allowed, eg: "https://*.example.com"
 ;ALLOW_DOMAIN = *
 ;;
-;; allow subdomains of headers listed above to request
-;ALLOW_SUBDOMAIN = false
-;;
 ;; list of methods allowed to request
 ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
 ;;
author	wxiaoguang <wxiaoguang@gmail.com>	2023-12-25 20:13:18 +0800
committer	GitHub <noreply@github.com>	2023-12-25 20:13:18 +0800
commit	b41925cee3d67a1fe546c7a219174e4a8b2302b7 (patch)
tree	c5d40048ba59379dc62821a19ecb4257499a6ee6 /custom/conf
parent	d0f24ff4cad05c1145afeca791e7d02fe146d46a (diff)
download	gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.tar.gz gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.zip