Add configuration for CORS allowed headers (#21747)

This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
author: Drew Noel <drew.noel@aon.com> 2022-11-11 01:39:27 -0500
committer: GitHub <noreply@github.com> 2022-11-11 14:39:27 +0800
commit: 2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree: 5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /modules/setting/cors.go
parent: fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download: gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz
gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/modules/setting/cors.go b/modules/setting/cors.go
index a843194ff9..74ec6618a5 100644
--- a/modules/setting/cors.go
+++ b/modules/setting/cors.go
@@ -19,10 +19,12 @@ var CORSConfig = struct {
 	Methods          []string
 	MaxAge           time.Duration
 	AllowCredentials bool
+	Headers          []string
 	XFrameOptions    string
 }{
 	Enabled:       false,
 	MaxAge:        10 * time.Minute,
+	Headers:       []string{"Content-Type", "User-Agent"},
 	XFrameOptions: "SAMEORIGIN",
 }
author	Drew Noel <drew.noel@aon.com>	2022-11-11 01:39:27 -0500
committer	GitHub <noreply@github.com>	2022-11-11 14:39:27 +0800
commit	2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree	5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /modules/setting/cors.go
parent	fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download	gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip