mirror of https://github.com/go-gitea/gitea.git
Make CORS work for oauth2 handlers (#28184)
Fix #25473 Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`, it never really worked, because it still lacks the "OPTIONS" handler.
This commit is contained in:
parent
778d604346
commit
7c0ab8b974
|
@ -136,6 +136,10 @@ func (r *Route) Get(pattern string, h ...any) {
|
||||||
r.Methods("GET", pattern, h...)
|
r.Methods("GET", pattern, h...)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (r *Route) Options(pattern string, h ...any) {
|
||||||
|
r.Methods("OPTIONS", pattern, h...)
|
||||||
|
}
|
||||||
|
|
||||||
// GetOptions delegate get and options method
|
// GetOptions delegate get and options method
|
||||||
func (r *Route) GetOptions(pattern string, h ...any) {
|
func (r *Route) GetOptions(pattern string, h ...any) {
|
||||||
r.Methods("GET,OPTIONS", pattern, h...)
|
r.Methods("GET,OPTIONS", pattern, h...)
|
||||||
|
|
|
@ -33,6 +33,10 @@ func DummyOK(w http.ResponseWriter, req *http.Request) {
|
||||||
w.WriteHeader(http.StatusOK)
|
w.WriteHeader(http.StatusOK)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func DummyBadRequest(w http.ResponseWriter, req *http.Request) {
|
||||||
|
w.WriteHeader(http.StatusBadRequest)
|
||||||
|
}
|
||||||
|
|
||||||
func RobotsTxt(w http.ResponseWriter, req *http.Request) {
|
func RobotsTxt(w http.ResponseWriter, req *http.Request) {
|
||||||
robotsTxt := util.FilePathJoinAbs(setting.CustomPath, "public/robots.txt")
|
robotsTxt := util.FilePathJoinAbs(setting.CustomPath, "public/robots.txt")
|
||||||
if ok, _ := util.IsExist(robotsTxt); !ok {
|
if ok, _ := util.IsExist(robotsTxt); !ok {
|
||||||
|
|
|
@ -533,8 +533,10 @@ func registerRoutes(m *web.Route) {
|
||||||
m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
|
m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
|
||||||
}, ignSignInAndCsrf, reqSignIn)
|
}, ignSignInAndCsrf, reqSignIn)
|
||||||
m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth)
|
m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth)
|
||||||
|
m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest)
|
||||||
m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
|
m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
|
||||||
m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys)
|
m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys)
|
||||||
|
m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest)
|
||||||
m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
|
m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
|
||||||
|
|
||||||
m.Group("/user/settings", func() {
|
m.Group("/user/settings", func() {
|
||||||
|
|
Loading…
Reference in New Issue