From 6a185e94b94d807ac0d0d008e991cac49b784e28 Mon Sep 17 00:00:00 2001
From: William Hilton <wmhilton@gmail.com>
Date: Wed, 14 Mar 2018 11:08:00 -0400
Subject: repo/http: add CORS headers to allow clone/push from browser agents
 (#4970)

---
 routes/repo/http.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'routes')

diff --git a/routes/repo/http.go b/routes/repo/http.go
index b8f519ba..2724ee1c 100644
--- a/routes/repo/http.go
+++ b/routes/repo/http.go
@@ -56,6 +56,18 @@ func askCredentials(c *context.Context, status int, text string) {
 
 func HTTPContexter() macaron.Handler {
 	return func(c *context.Context) {
+		if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
+			// Set CORS headers for browser-based git clients
+			c.Resp.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
+			c.Resp.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
+
+			// Handle preflight OPTIONS request
+			if c.Req.Method == "OPTIONS" {
+				c.Status(http.StatusOK)
+				return
+			}
+		}
+
 		ownerName := c.Params(":username")
 		repoName := strings.TrimSuffix(c.Params(":reponame"), ".git")
 		repoName = strings.TrimSuffix(repoName, ".wiki")
-- 
cgit v1.2.3