diff options
| -rw-r--r-- | cmd/web.go | 2 | ||||
| -rw-r--r-- | routes/repo/http.go | 12 |
2 files changed, 14 insertions, 0 deletions
@@ -637,8 +637,10 @@ func runWeb(c *cli.Context) error { // e.g. with or without ".git" suffix. m.Group("/:reponame([\\d\\w-_\\.]+\\.git$)", func() { m.Get("", ignSignIn, context.RepoAssignment(), context.RepoRef(), repo.Home) + m.Options("/*", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP) m.Route("/*", "GET,POST", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP) }) + m.Options("/:reponame/*", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP) m.Route("/:reponame/*", "GET,POST", ignSignInAndCsrf, repo.HTTPContexter(), repo.HTTP) }) // ***** END: Repository ***** diff --git a/routes/repo/http.go b/routes/repo/http.go index b8f519ba..2724ee1c 100644 --- a/routes/repo/http.go +++ b/routes/repo/http.go @@ -56,6 +56,18 @@ func askCredentials(c *context.Context, status int, text string) { func HTTPContexter() macaron.Handler { return func(c *context.Context) { + if len(setting.HTTP.AccessControlAllowOrigin) > 0 { + // Set CORS headers for browser-based git clients + c.Resp.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin) + c.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization") + + // Handle preflight OPTIONS request + if c.Req.Method == "OPTIONS" { + c.Status(http.StatusOK) + return + } + } + ownerName := c.Params(":username") repoName := strings.TrimSuffix(c.Params(":reponame"), ".git") repoName = strings.TrimSuffix(repoName, ".wiki") |