Add CORS config on to /login/oauth/access_token endpoint (#14850)
Fix #7204 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
This commit is contained in:
parent
59d1cc49f1
commit
0044e80491
|
@ -47,6 +47,7 @@ import (
|
||||||
"gitea.com/go-chi/session"
|
"gitea.com/go-chi/session"
|
||||||
"github.com/NYTimes/gziphandler"
|
"github.com/NYTimes/gziphandler"
|
||||||
"github.com/go-chi/chi/middleware"
|
"github.com/go-chi/chi/middleware"
|
||||||
|
"github.com/go-chi/cors"
|
||||||
"github.com/prometheus/client_golang/prometheus"
|
"github.com/prometheus/client_golang/prometheus"
|
||||||
"github.com/tstranex/u2f"
|
"github.com/tstranex/u2f"
|
||||||
"github.com/unknwon/com"
|
"github.com/unknwon/com"
|
||||||
|
@ -389,7 +390,18 @@ func RegisterRoutes(m *web.Route) {
|
||||||
// TODO manage redirection
|
// TODO manage redirection
|
||||||
m.Post("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
|
m.Post("/authorize", bindIgnErr(auth.AuthorizationForm{}), user.AuthorizeOAuth)
|
||||||
}, ignSignInAndCsrf, reqSignIn)
|
}, ignSignInAndCsrf, reqSignIn)
|
||||||
m.Post("/login/oauth/access_token", bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
|
if setting.CORSConfig.Enabled {
|
||||||
|
m.Post("/login/oauth/access_token", cors.Handler(cors.Options{
|
||||||
|
//Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
|
||||||
|
AllowedOrigins: setting.CORSConfig.AllowDomain,
|
||||||
|
//setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
|
||||||
|
AllowedMethods: setting.CORSConfig.Methods,
|
||||||
|
AllowCredentials: setting.CORSConfig.AllowCredentials,
|
||||||
|
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
|
||||||
|
}), bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
|
||||||
|
} else {
|
||||||
|
m.Post("/login/oauth/access_token", bindIgnErr(auth.AccessTokenForm{}), ignSignInAndCsrf, user.AccessTokenOAuth)
|
||||||
|
}
|
||||||
|
|
||||||
m.Group("/user/settings", func() {
|
m.Group("/user/settings", func() {
|
||||||
m.Get("", userSetting.Profile)
|
m.Get("", userSetting.Profile)
|
||||||
|
|
Loading…
Reference in a new issue