-
-
Notifications
You must be signed in to change notification settings - Fork 5.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refactor CORS handler #28587
Refactor CORS handler #28587
Conversation
No, it is not "breaking", these options are all no-op for long time. So, nothing is breaking. |
I was unable to create a backport for 1.21. @wxiaoguang, please send one manually. 🍵
|
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix go-gitea#28515 Fix go-gitea#27642 Fix go-gitea#17098 # Conflicts: # tests/integration/cors_test.go
Sorry for the delay but does this PR really fix #27642 ? I get the same error that the issue was reporting: $ curl -X 'GET' 'https://try.gitea.io/api/v1/users/wiktor/keys' -H 'accept: application/json' -i -H Origin:https://github.com
HTTP/2 401
alt-svc: h3=":443"; ma=2592000
cache-control: max-age=0, private, must-revalidate, no-transform
content-type: application/json;charset=utf-8
date: Mon, 25 Dec 2023 15:55:53 GMT
server: Caddy
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-length: 73
{"message":"token is required","url":"https://try.gitea.io/api/swagger"} (I've checked the version endpoint and it seems to contain this merged PR). Thanks for your time! 👋 |
I guess "try.gitea.io" doesn't enable CORS handler. If you have deployed your own Gitea instance, could you try to set |
* giteaofficial/main: [skip ci] Updated translations via Crowdin Refactor deletion (go-gitea#28610) Refactor CORS handler (go-gitea#28587)
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix go-gitea#28515 Fix go-gitea#27642 Fix go-gitea#17098
I can confirm this makes all the difference and I'm seeing the headers. (I wonder why CORS is not the default though, but okay). Thanks for helping me diagnose that! (and sorry for the delay) 👋 |
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/gitea/gitea](https://github.com/go-gitea/gitea) | patch | `1.21.3` -> `1.21.4` | --- ### Release Notes <details> <summary>go-gitea/gitea (docker.io/gitea/gitea)</summary> ### [`v1.21.4`](https://github.com/go-gitea/gitea/releases/tag/v1.21.4) [Compare Source](go-gitea/gitea@v1.21.3...v1.21.4) - SECURITY - Update github.com/cloudflare/circl ([#​28789](go-gitea/gitea#28789)) ([#​28790](go-gitea/gitea#28790)) - Require token for GET subscription endpoint ([#​28765](go-gitea/gitea#28765)) ([#​28768](go-gitea/gitea#28768)) - BUGFIXES - Use refname:strip-2 instead of refname:short when syncing tags ([#​28797](go-gitea/gitea#28797)) ([#​28811](go-gitea/gitea#28811)) - Fix links in issue card ([#​28806](go-gitea/gitea#28806)) ([#​28807](go-gitea/gitea#28807)) - Fix nil pointer panic when exec some gitea cli command ([#​28791](go-gitea/gitea#28791)) ([#​28795](go-gitea/gitea#28795)) - Require token for GET subscription endpoint ([#​28765](go-gitea/gitea#28765)) ([#​28778](go-gitea/gitea#28778)) - Fix button size in "attached header right" ([#​28770](go-gitea/gitea#28770)) ([#​28774](go-gitea/gitea#28774)) - Fix `convert.ToTeams` on empty input ([#​28426](go-gitea/gitea#28426)) ([#​28767](go-gitea/gitea#28767)) - Hide code related setting options in repository when code unit is disabled ([#​28631](go-gitea/gitea#28631)) ([#​28749](go-gitea/gitea#28749)) - Fix incorrect URL for "Reference in New Issue" ([#​28716](go-gitea/gitea#28716)) ([#​28723](go-gitea/gitea#28723)) - Fix panic when parsing empty pgsql host ([#​28708](go-gitea/gitea#28708)) ([#​28709](go-gitea/gitea#28709)) - Upgrade xorm to new version which supported update join for all supported databases ([#​28590](go-gitea/gitea#28590)) ([#​28668](go-gitea/gitea#28668)) - Fix alpine package files are not rebuilt ([#​28638](go-gitea/gitea#28638)) ([#​28665](go-gitea/gitea#28665)) - Avoid cycle-redirecting user/login page ([#​28636](go-gitea/gitea#28636)) ([#​28658](go-gitea/gitea#28658)) - Fix empty ref for cron workflow runs ([#​28640](go-gitea/gitea#28640)) ([#​28647](go-gitea/gitea#28647)) - Remove unnecessary syncbranchToDB with tests ([#​28624](go-gitea/gitea#28624)) ([#​28629](go-gitea/gitea#28629)) - Use known issue IID to generate new PR index number when migrating from GitLab ([#​28616](go-gitea/gitea#28616)) ([#​28618](go-gitea/gitea#28618)) - Fix flex container width ([#​28603](go-gitea/gitea#28603)) ([#​28605](go-gitea/gitea#28605)) - Fix the scroll behavior for emoji/mention list ([#​28597](go-gitea/gitea#28597)) ([#​28601](go-gitea/gitea#28601)) - Fix wrong due date rendering in issue list page ([#​28588](go-gitea/gitea#28588)) ([#​28591](go-gitea/gitea#28591)) - Fix `status_check_contexts` matching bug ([#​28582](go-gitea/gitea#28582)) ([#​28589](go-gitea/gitea#28589)) - Fix 500 error of searching commits ([#​28576](go-gitea/gitea#28576)) ([#​28579](go-gitea/gitea#28579)) - Use information from previous blame parts ([#​28572](go-gitea/gitea#28572)) ([#​28577](go-gitea/gitea#28577)) - Update mermaid for 1.21 ([#​28571](go-gitea/gitea#28571)) - Fix 405 method not allowed CORS / OIDC ([#​28583](go-gitea/gitea#28583)) ([#​28586](go-gitea/gitea#28586)) ([#​28587](go-gitea/gitea#28587)) ([#​28611](go-gitea/gitea#28611)) - Fix `GetCommitStatuses` ([#​28787](go-gitea/gitea#28787)) ([#​28804](go-gitea/gitea#28804)) - Forbid removing the last admin user ([#​28337](go-gitea/gitea#28337)) ([#​28793](go-gitea/gitea#28793)) - Fix schedule tasks bugs ([#​28691](go-gitea/gitea#28691)) ([#​28780](go-gitea/gitea#28780)) - Fix issue dependencies ([#​27736](go-gitea/gitea#27736)) ([#​28776](go-gitea/gitea#28776)) - Fix system webhooks API bug ([#​28531](go-gitea/gitea#28531)) ([#​28666](go-gitea/gitea#28666)) - Fix when private user following user, private user will not be counted in his own view ([#​28037](go-gitea/gitea#28037)) ([#​28792](go-gitea/gitea#28792)) - Render code block in activity tab ([#​28816](go-gitea/gitea#28816)) ([#​28818](go-gitea/gitea#28818)) - ENHANCEMENTS - Rework markup link rendering ([#​26745](go-gitea/gitea#26745)) ([#​28803](go-gitea/gitea#28803)) - Modernize merge button ([#​28140](go-gitea/gitea#28140)) ([#​28786](go-gitea/gitea#28786)) - Speed up loading the dashboard on mysql/mariadb ([#​28546](go-gitea/gitea#28546)) ([#​28784](go-gitea/gitea#28784)) - Assign pull request to project during creation ([#​28227](go-gitea/gitea#28227)) ([#​28775](go-gitea/gitea#28775)) - Show description as tooltip instead of title for labels ([#​28754](go-gitea/gitea#28754)) ([#​28766](go-gitea/gitea#28766)) - Make template `DateTime` show proper tooltip ([#​28677](go-gitea/gitea#28677)) ([#​28683](go-gitea/gitea#28683)) - Switch destination directory for apt signing keys ([#​28639](go-gitea/gitea#28639)) ([#​28642](go-gitea/gitea#28642)) - Include heap pprof in diagnosis report to help debugging memory leaks ([#​28596](go-gitea/gitea#28596)) ([#​28599](go-gitea/gitea#28599)) - DOCS - Suggest to use Type=simple for systemd service ([#​28717](go-gitea/gitea#28717)) ([#​28722](go-gitea/gitea#28722)) - Extend description for ARTIFACT_RETENTION_DAYS ([#​28626](go-gitea/gitea#28626)) ([#​28630](go-gitea/gitea#28630)) - MISC - Add -F to commit search to treat keywords as strings ([#​28744](go-gitea/gitea#28744)) ([#​28748](go-gitea/gitea#28748)) - Add download attribute to release attachments ([#​28739](go-gitea/gitea#28739)) ([#​28740](go-gitea/gitea#28740)) - Concatenate error in `checkIfPRContentChanged` ([#​28731](go-gitea/gitea#28731)) ([#​28737](go-gitea/gitea#28737)) - Improve 1.21 document for Database Preparation ([#​28643](go-gitea/gitea#28643)) ([#​28644](go-gitea/gitea#28644)) Instances on **[Gitea Cloud](https://cloud.gitea.com)** will be automatically upgraded to this version during the specified maintenance window. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4xMzIuMSIsInVwZGF0ZWRJblZlciI6IjM3LjEzMi4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiJ9--> Reviewed-on: https://git.home/nrdufour/home-ops/pulls/316 Co-authored-by: Renovate <renovate@ptinem.io> Co-committed-by: Renovate <renovate@ptinem.io>
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix go-gitea#28515 Fix go-gitea#27642 Fix go-gitea#17098
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix go-gitea#28515 Fix go-gitea#27642 Fix go-gitea#17098
The CORS code has been unmaintained for long time, and the behavior is not correct.
This PR tries to improve it. The key point is written as comment in code. And add more tests.
Fix #28515
Fix #27642
Fix #17098