	Fix incorrect CORS response in Http Git handler (#24303)
Use the general `cors.Handler` for CORS
		| @@ -32,43 +32,31 @@ import ( | ||||
| 	"code.gitea.io/gitea/modules/structs" | ||||
| 	"code.gitea.io/gitea/modules/util" | ||||
| 	repo_service "code.gitea.io/gitea/services/repository" | ||||
|  | ||||
| 	"github.com/go-chi/cors" | ||||
| ) | ||||
|  | ||||
| func HTTPGitEnabledHandler(ctx *context.Context) { | ||||
| 	if setting.Repository.DisableHTTPGit { | ||||
| 		ctx.Resp.WriteHeader(http.StatusForbidden) | ||||
| 		_, _ = ctx.Resp.Write([]byte("Interacting with repositories by HTTP protocol is not allowed")) | ||||
| 	} | ||||
| } | ||||
|  | ||||
| func CorsHandler() func(next http.Handler) http.Handler { | ||||
| 	if setting.Repository.AccessControlAllowOrigin != "" { | ||||
| 		return cors.Handler(cors.Options{ | ||||
| 			AllowedOrigins: []string{setting.Repository.AccessControlAllowOrigin}, | ||||
| 			AllowedHeaders: []string{"Content-Type", "Authorization", "User-Agent"}, | ||||
| 		}) | ||||
| 	} | ||||
| 	return func(next http.Handler) http.Handler { | ||||
| 		return next | ||||
| 	} | ||||
| } | ||||
|  | ||||
| // httpBase implementation git smart HTTP protocol | ||||
| func httpBase(ctx *context.Context) (h *serviceHandler) { | ||||
| 	if setting.Repository.DisableHTTPGit { | ||||
| 		ctx.Resp.WriteHeader(http.StatusForbidden) | ||||
| 		_, err := ctx.Resp.Write([]byte("Interacting with repositories by HTTP protocol is not allowed")) | ||||
| 		if err != nil { | ||||
| 			log.Error(err.Error()) | ||||
| 		} | ||||
| 		return | ||||
| 	} | ||||
|  | ||||
| 	if len(setting.Repository.AccessControlAllowOrigin) > 0 { | ||||
| 		allowedOrigin := setting.Repository.AccessControlAllowOrigin | ||||
| 		// Set CORS headers for browser-based git clients | ||||
| 		ctx.Resp.Header().Set("Access-Control-Allow-Origin", allowedOrigin) | ||||
| 		ctx.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization, User-Agent") | ||||
|  | ||||
| 		// Handle preflight OPTIONS request | ||||
| 		if ctx.Req.Method == "OPTIONS" { | ||||
| 			if allowedOrigin == "*" { | ||||
| 				ctx.Status(http.StatusOK) | ||||
| 			} else if allowedOrigin == "null" { | ||||
| 				ctx.Status(http.StatusForbidden) | ||||
| 			} else { | ||||
| 				origin := ctx.Req.Header.Get("Origin") | ||||
| 				if len(origin) > 0 && origin == allowedOrigin { | ||||
| 					ctx.Status(http.StatusOK) | ||||
| 				} else { | ||||
| 					ctx.Status(http.StatusForbidden) | ||||
| 				} | ||||
| 			} | ||||
| 			return | ||||
| 		} | ||||
| 	} | ||||
|  | ||||
| 	username := ctx.Params(":username") | ||||
| 	reponame := strings.TrimSuffix(ctx.Params(":reponame"), ".git") | ||||
|  | ||||
|   | ||||
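Review bot: CorsHandler passes `setting.Repository.AccessControlAllowOrigin` to `cors.Handler` unchanged, so the special case the inline preflight code had for a configured value of `null` (it answered 403) is not carried over. If the library matches `AllowedOrigins` entries literally, as it appears to, a configured `null` would now be accepted for requests carrying `Origin: null`, which browsers send from sandboxed frames and local files, and `Authorization` is among the allowed headers; this is worth confirming against the library. A guard such as `if o := setting.Repository.AccessControlAllowOrigin; o != "" && o != "null" {` would keep that value from enabling CORS. Both new exported functions also lack doc comments, e.g. `// CorsHandler returns the CORS middleware for HTTP git routes, or a pass-through when no origin is configured.`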
| @@ -1515,7 +1515,7 @@ func RegisterRoutes(m *web.Route) { | ||||
| 				m.GetOptions("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject) | ||||
| 				m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile) | ||||
| 				m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile) | ||||
| 			}, ignSignInAndCsrf, context_service.UserAssignmentWeb()) | ||||
| 			}, ignSignInAndCsrf, repo.HTTPGitEnabledHandler, repo.CorsHandler(), context_service.UserAssignmentWeb()) | ||||
| 		}) | ||||
| 	}) | ||||
| 	// ***** END: Repository ***** | ||||
|   | ||||
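Review bot: Enforcement of `DisableHTTPGit` on these routes now depends on `repo.HTTPGitEnabledHandler` sitting in this middleware list and on the router stopping the chain once the 403 has been written, since the handler itself only writes the response and returns. Neither the halting behaviour nor the full set of routes in this group is visible here (RegisterRoutes and the group continue outside the hunk), so it is worth confirming that every HTTP git route passes through this list. A comment on the line would make the dependency explicit: `// HTTPGitEnabledHandler must run first: it rejects all HTTP git access when DisableHTTPGit is set.`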
		Reference in New Issue
	
	Block a user