Add configuration for CORS allowed headers (#21747)

This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
author: Drew Noel <drew.noel@aon.com> 2022-11-11 01:39:27 -0500
committer: GitHub <noreply@github.com> 2022-11-11 14:39:27 +0800
commit: 2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree: 5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /custom/conf
parent: fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download: gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz
gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 9f41fdb080..8e85394d34 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1138,6 +1138,9 @@ ROUTER = console
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
+;; headers to permit
+;HEADERS = Content-Type,User-Agent
+;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN
author	Drew Noel <drew.noel@aon.com>	2022-11-11 01:39:27 -0500
committer	GitHub <noreply@github.com>	2022-11-11 14:39:27 +0800
commit	2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree	5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /custom/conf
parent	fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download	gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip