web/forgejo
10
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4

Add configuration for CORS allowed headers (#21747)

Browse source 
This PR enhances the CORS middleware usage by allowing for the headers
to be configured in `app.ini`.

Fixes #21746

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This commit is contained in:
Drew Noel 2022-11-11 01:39:27 -05:00 committed by GitHub
parent fb704f6c72
commit 2cbea23d70
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
modules/setting/cors.go
View file

@ -19,10 +19,12 @@ var CORSConfig = struct {
Methods []string
MaxAge time.Duration
AllowCredentials bool
Headers []string
XFrameOptions string
}{
Enabled: false,
MaxAge: 10 * time.Minute,
Headers: []string{"Content-Type", "User-Agent"},
XFrameOptions: "SAMEORIGIN",
}