repo/http: add CORS headers to allow clone/push from browser agents (#4970)

author: William Hilton <wmhilton@gmail.com> 2018-03-14 11:08:00 -0400
committer: jc <u@gogs.io> 2018-03-14 11:08:00 -0400
commit: 6a185e94b94d807ac0d0d008e991cac49b784e28 (patch)
tree: f1d27975d93ee82392835864391d186379f28304 /routes
parent: ba0a78da2ac69315dd4c40dae5405194f1afae44 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/routes/repo/http.go b/routes/repo/http.go
index b8f519ba..2724ee1c 100644
--- a/routes/repo/http.go
+++ b/routes/repo/http.go
@@ -56,6 +56,18 @@ func askCredentials(c *context.Context, status int, text string) {
 
 func HTTPContexter() macaron.Handler {
 	return func(c *context.Context) {
+		if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
+			// Set CORS headers for browser-based git clients
+			c.Resp.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
+			c.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+
+			// Handle preflight OPTIONS request
+			if c.Req.Method == "OPTIONS" {
+				c.Status(http.StatusOK)
+				return
+			}
+		}
+
 		ownerName := c.Params(":username")
 		repoName := strings.TrimSuffix(c.Params(":reponame"), ".git")
 		repoName = strings.TrimSuffix(repoName, ".wiki")
author	William Hilton <wmhilton@gmail.com>	2018-03-14 11:08:00 -0400
committer	jc <u@gogs.io>	2018-03-14 11:08:00 -0400
commit	6a185e94b94d807ac0d0d008e991cac49b784e28 (patch)
tree	f1d27975d93ee82392835864391d186379f28304 /routes
parent	ba0a78da2ac69315dd4c40dae5405194f1afae44 (diff)