Browse Source
Set AllowedHeaders on API CORS handler (#16524)
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers to pull API. Fix #16100 Signed-off-by: Andrew Thornton <art27@cantab.net>tags/v1.16.0-rc1
zeripath
2 years ago
2 changed files with 2 additions and 0 deletions
+ 1
- 0
routers/api/v1/api.go
View File
| @@ -569,6 +569,7 @@ func Routes() *web.Route { | |||
| //setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option | |||
| AllowedMethods: setting.CORSConfig.Methods, | |||
| AllowCredentials: setting.CORSConfig.AllowCredentials, | |||
| AllowedHeaders: []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"}, | |||
| MaxAge: int(setting.CORSConfig.MaxAge.Seconds()), | |||
| })) | |||
| } | |||
+ 1
- 0
routers/api/v1/repo/pull.go
View File
| @@ -1254,5 +1254,6 @@ func GetPullRequestCommits(ctx *context.APIContext) { | |||
| ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", totalNumberOfCommits)) | |||
| ctx.Header().Set("X-PageCount", strconv.Itoa(totalNumberOfPages)) | |||
| ctx.Header().Set("X-HasMore", strconv.FormatBool(listOptions.Page < totalNumberOfPages)) | |||
| ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, X-PerPage, X-Total, X-PageCount, X-HasMore, Link") | |||
| ctx.JSON(http.StatusOK, &apiCommits) | |||
| } | |||
Loading…