author | Tamal Saha <tamal@appscode.com> | 2019-05-13 08:38:53 -0700 |
---|---|---|
committer | techknowlogick <techknowlogick@gitea.io> | 2019-05-13 11:38:53 -0400 |
commit | 34d06f4c6b23dfc458d51e9e3827c9400a87e84d (patch) | |
tree | a68b3f707251a11383ff056debfb1a933c0729d2 /routers/api/v1 | |
parent | 6fb58a8cdcd76aa45902e50da8f2b450fe9d3d35 (diff) | |
Handle CORS requests (#6289)
Diffstat (limited to 'routers/api/v1')
-rw-r--r-- | routers/api/v1/api.go | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index dfe705f7a8..ae64e887ca 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -74,7 +74,8 @@ import (
 "code.gitea.io/gitea/routers/api/v1/user"
 "github.com/go-macaron/binding"
- "gopkg.in/macaron.v1"
+ "github.com/go-macaron/cors"
+ macaron "gopkg.in/macaron.v1"
 )
 func sudo() macaron.Handler {
@@ -500,6 +501,12 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Get("/swagger", misc.Swagger) //Render V1 by default
 }
+ var handlers []macaron.Handler
+ if setting.EnableCORS {
+ handlers = append(handlers, cors.CORS(setting.CORSConfig))
+ }
+ handlers = append(handlers, securityHeaders(), context.APIContexter(), sudo())
+
 m.Group("/v1", func() {
 // Miscellaneous
 if setting.API.EnableSwagger {
@@ -841,5 +848,15 @@ func RegisterRoutes(m *macaron.Macaron) {
 m.Group("/topics", func() {
 m.Get("/search", repo.TopicSearch)
 })
- }, context.APIContexter(), sudo())
+ }, handlers...)
+}
+
+func securityHeaders() macaron.Handler {
+ return func(ctx *macaron.Context) {
+ ctx.Resp.Before(func(w macaron.ResponseWriter) {
+ // CORB: https://www.chromium.org/Home/chromium-security/corb-for-developers
+ // http://stackoverflow.com/a/3146618/244009
+ w.Header().Set("x-content-type-options", "nosniff")
+ })
+ }
 } |
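Review bot: The cross-origin policy for every `/v1` route is now whatever `setting.CORSConfig` contains, and nothing in this hunk bounds it. If that configuration can combine a wildcard origin with credentialed requests, responses to authenticated API calls become readable from any site, so the settings loader (not shown here) should reject that combination and the feature should stay off by default. `cors.CORS(...)` is also appended before `securityHeaders()`, so a response the CORS handler writes itself, presumably including preflight replies, would not get the nosniff header; `handlers = append(handlers, securityHeaders())` ahead of the `if setting.EnableCORS` block would cover it. RegisterRoutes begins and ends outside this hunk.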
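Review bot: `securityHeaders` has no doc comment, and the two links inside it do not say what the header protects against. Something like `// securityHeaders returns a handler that sets X-Content-Type-Options: nosniff before the response is written, so browsers do not MIME-sniff API responses.` above the function would make the intent reviewable. The header name could be written in its canonical form, `w.Header().Set("X-Content-Type-Options", "nosniff")`; assuming `Header()` returns a net/http `Header`, `Set` canonicalizes the key either way, so this is style only. The handler is attached only to the `/v1` group through `handlers...`, so routes outside that group do not receive the header from this change.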