Skip to content

Commit c47065c

Browse files
authored
Set AllowedHeaders on API CORS handler (#16524) (#16618)
Backport #16524 Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers to pull API. Fix #16100 Signed-off-by: Andrew Thornton <art27@cantab.net>
1 parent 719e2f2 commit c47065c

File tree

2 files changed

+2
-0
lines changed

2 files changed

+2
-0
lines changed

routers/api/v1/api.go

+1
Original file line numberDiff line numberDiff line change
@@ -569,6 +569,7 @@ func Routes() *web.Route {
569569
//setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
570570
AllowedMethods: setting.CORSConfig.Methods,
571571
AllowCredentials: setting.CORSConfig.AllowCredentials,
572+
AllowedHeaders: []string{"Authorization", "X-CSRFToken", "X-Gitea-OTP"},
572573
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
573574
}))
574575
}

routers/api/v1/repo/pull.go

+1
Original file line numberDiff line numberDiff line change
@@ -1254,5 +1254,6 @@ func GetPullRequestCommits(ctx *context.APIContext) {
12541254
ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", totalNumberOfCommits))
12551255
ctx.Header().Set("X-PageCount", strconv.Itoa(totalNumberOfPages))
12561256
ctx.Header().Set("X-HasMore", strconv.FormatBool(listOptions.Page < totalNumberOfPages))
1257+
ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, X-PerPage, X-Total, X-PageCount, X-HasMore, Link")
12571258
ctx.JSON(http.StatusOK, &apiCommits)
12581259
}

0 commit comments

Comments
 (0)