Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(CORS): CORS on git smart http protocol can not work. fixes #16350 #16491

Closed
wants to merge 4 commits into from
Closed

fix(CORS): CORS on git smart http protocol can not work. fixes #16350 #16491

wants to merge 4 commits into from

Conversation

snowyu
Copy link

@snowyu snowyu commented Jul 20, 2021

No description provided.

lunny
lunny reviewed Jul 20, 2021
View reviewed changes
routers/web/web.go
m.Get("/objects/info/{file:[^/]*}", CorsHandler(), repo.GetTextFile(""))
m.Get("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", CorsHandler(), repo.GetLooseObject)
m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", CorsHandler(), repo.GetPackFile)
m.Get("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", CorsHandler(), repo.GetIdxFile)
}, ignSignInAndCsrf)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just add it after ignSignInAdnCsrf is better.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've tried this. But it does not work. MUST PUT CorsHandler in first.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Then move the CorsHandler call first...

m.Group("", CorsHandler(), func() { ... }, ignSignInAndCsrf)

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jul 20, 2021
snowyu and others added 3 commits July 20, 2021 14:18
@snowyu
fix(CORS): forget allow headers
1ed99e8
@snowyu
fix(CORS): adding CorsHandler can not work now after merge main, so t…
566b248 
…he workaround it is, do not merge
@zeripath
fix formatting
0d0a71a 
Signed-off-by: Andrew Thornton <art27@cantab.net>
zeripath
zeripath reviewed Jul 20, 2021
View reviewed changes
routers/web/web.go
Comment on lines +150 to +165
///*
if setting.CORSConfig.Enabled {
corsHandle := cors.Handler(cors.Options{
//Scheme: setting.CORSConfig.Scheme, // FIXME: the cors middleware needs scheme option
AllowedOrigins: setting.CORSConfig.AllowDomain,
//setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
AllowedMethods: setting.CORSConfig.Methods,
AllowedHeaders: []string{"*"},
// OptionsPassthrough: true,
Debug: true,
AllowCredentials: setting.CORSConfig.AllowCredentials,
MaxAge: int(setting.CORSConfig.MaxAge.Seconds()),
})
common = append(common, corsHandle)
}
//*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why this section if you're adding it specifically below?

@codecov-commenter
Copy link

Codecov Report

Merging #16491 (0d0a71a) into main (e01b782) will increase coverage by 0.16%.
The diff coverage is 52.17%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #16491      +/-   ##
==========================================
+ Coverage   45.33%   45.49%   +0.16%     
==========================================
  Files         718      718              
  Lines       84202    84258      +56     
==========================================
+ Hits        38169    38337     +168     
+ Misses      39895    39758     -137     
- Partials     6138     6163      +25
Impacted Files Coverage Δ
routers/web/web.go 90.44% <52.17%> (-1.29%) ⬇️
modules/git/tree.go 61.11% <0.00%> (-30.56%) ⬇️
modules/util/remove.go 48.00% <0.00%> (-10.54%) ⬇️
models/gpg_key_common.go 59.67% <0.00%> (-4.84%) ⬇️
modules/log/event.go 58.96% <0.00%> (-2.84%) ⬇️
modules/queue/workerpool.go 53.81% <0.00%> (-2.30%) ⬇️
modules/git/blame.go 65.71% <0.00%> (-1.43%) ⬇️
services/pull/pull.go 42.36% <0.00%> (+0.43%) ⬆️
models/repo_list.go 77.82% <0.00%> (+0.77%) ⬆️
models/notification.go 65.85% <0.00%> (+0.88%) ⬆️
... and 11 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update e01b782...0d0a71a. Read the comment docs.

zeripath
zeripath reviewed Jul 20, 2021
View reviewed changes
routers/web/web.go
@@ -60,6 +60,7 @@ func CorsHandler() func(next http.Handler) http.Handler {
AllowedOrigins: setting.CORSConfig.AllowDomain,
//setting.CORSConfig.AllowSubdomain // FIXME: the cors middleware needs allowSubdomain option
AllowedMethods: setting.CORSConfig.Methods,
AllowedHeaders: []string{"*"},
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mostly we've just added the correct headers we need so in general I think this is a mistake.

zeripath added a commit to zeripath/gitea that referenced this pull request Jul 20, 2021
@zeripath
Restore CORS on git smart http protocol
a5819d9 
Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix go-gitea#16350
Close go-gitea#16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Jul 20, 2021
Merged
@zeripath
Copy link
Contributor

Please could you try #16496 instead.

@lunny lunny closed this in #16496 Jul 21, 2021
lunny added a commit that referenced this pull request Jul 21, 2021
@zeripath @lunny
Restore CORS on git smart http protocol (#16496)
28f6f7b 
Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
zeripath added a commit to zeripath/gitea that referenced this pull request Jul 21, 2021
@zeripath
Restore CORS on git smart http protocol (go-gitea#16496)
c5dfc4b 
Backport go-gitea#16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix go-gitea#16350
Close go-gitea#16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath mentioned this pull request Jul 21, 2021
Merged
zeripath added a commit that referenced this pull request Jul 21, 2021
@zeripath
Restore CORS on git smart http protocol (#16496) (#16506)
1f5011d 
Backport #16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
@zeripath @lunny @AbdulrhmnGhanem
Restore CORS on git smart http protocol (go-gitea#16496)
8e93202 
Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix go-gitea#16350
Close go-gitea#16491

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@zeripath zeripath zeripath left review comments

@lunny lunny lunny left review comments

Assignees
No one assigned
Labels
lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@snowyu @codecov-commenter @zeripath @lunny @GiteaBot