Add configuration for CORS allowed headers (#21747)

This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
author: Drew Noel <drew.noel@aon.com> 2022-11-11 01:39:27 -0500
committer: GitHub <noreply@github.com> 2022-11-11 14:39:27 +0800
commit: 2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree: 5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /routers/web/web.go
parent: fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download: gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz
gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/routers/web/web.go b/routers/web/web.go
index 48b33813c9..d0ee9c5eac 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -67,6 +67,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
 			// setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
 			AllowedMethods:   setting.CORSConfig.Methods,
 			AllowCredentials: setting.CORSConfig.AllowCredentials,
+			AllowedHeaders:   setting.CORSConfig.Headers,
 			MaxAge:           int(setting.CORSConfig.MaxAge.Seconds()),
 		})
 	}
author	Drew Noel <drew.noel@aon.com>	2022-11-11 01:39:27 -0500
committer	GitHub <noreply@github.com>	2022-11-11 14:39:27 +0800
commit	2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree	5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /routers/web/web.go
parent	fb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
download	gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.tar.gz gitea-2cbea23d700df9a45899e5de40e93e1a73354ce1.zip