Add configuration for CORS allowed headers (#21747)

This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
author: Drew Noel <drew.noel@aon.com> 2022-11-11 01:39:27 -0500
committer: GitHub <noreply@github.com> 2022-11-11 14:39:27 +0800
commit: 2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree: 5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /routers/api
parent: fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download: gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz
gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go
index 0d11674aa9..4b27270840 100644
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -617,7 +617,7 @@ func Routes(ctx gocontext.Context) *web.Route {
 			// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
 			AllowedMethods:   setting.CORSConfig.Methods,
 			AllowCredentials: setting.CORSConfig.AllowCredentials,
-			AllowedHeaders:   []string{"Authorization", "X-Gitea-OTP"},
+			AllowedHeaders:   append([]string{"Authorization", "X-Gitea-OTP"}, setting.CORSConfig.Headers...),
 			MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
 		}))
 	}
author	Drew Noel <drew.noel@aon.com>	2022-11-11 01:39:27 -0500
committer	GitHub <noreply@github.com>	2022-11-11 14:39:27 +0800
commit	2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree	5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /routers/api
parent	fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download	gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip