Refactor CORS handler (#28587)

The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
author: wxiaoguang <wxiaoguang@gmail.com> 2023-12-25 20:13:18 +0800
committer: GitHub <noreply@github.com> 2023-12-25 20:13:18 +0800
commit: b41925cee3d67a1fe546c7a219174e4a8b2302b7 (patch)
tree: c5d40048ba59379dc62821a19ecb4257499a6ee6 /modules/setting/cors.go
parent: d0f24ff4cad05c1145afeca791e7d02fe146d46a (diff)
download: gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.tar.gz
gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.zip
1 files changed, 1 insertions, 3 deletions
diff --git a/modules/setting/cors.go b/modules/setting/cors.go
index bafbbab64f..63daaad60b 100644
--- a/modules/setting/cors.go
+++ b/modules/setting/cors.go
@@ -12,9 +12,7 @@ import (
 // CORSConfig defines CORS settings
 var CORSConfig = struct {
 	Enabled          bool
-	Scheme           string
-	AllowDomain      []string
-	AllowSubdomain   bool
+	AllowDomain      []string // FIXME: this option is from legacy code, it actually works as "AllowedOrigins". When refactoring in the future, the config option should also be renamed together.
 	Methods          []string
 	MaxAge           time.Duration
 	AllowCredentials bool
author	wxiaoguang <wxiaoguang@gmail.com>	2023-12-25 20:13:18 +0800
committer	GitHub <noreply@github.com>	2023-12-25 20:13:18 +0800
commit	b41925cee3d67a1fe546c7a219174e4a8b2302b7 (patch)
tree	c5d40048ba59379dc62821a19ecb4257499a6ee6 /modules/setting/cors.go
parent	d0f24ff4cad05c1145afeca791e7d02fe146d46a (diff)
download	gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.tar.gz gitea-b41925cee3d67a1fe546c7a219174e4a8b2302b7.zip