From 2ef318e6f1d0c674e894d2d1f25ca79498663466 Mon Sep 17 00:00:00 2001
From: zeripath <art27@cantab.net>
Date: Thu, 13 Aug 2020 18:18:18 +0100
Subject: [PATCH] Add Access-Control-Expose-Headers (#12446)

Fix #12424

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
---
 modules/context/context.go     | 1 +
 modules/lfs/server.go          | 2 ++
 routers/api/v1/admin/org.go    | 1 +
 routers/api/v1/admin/user.go   | 1 +
 routers/api/v1/org/org.go      | 1 +
 routers/api/v1/org/team.go     | 1 +
 routers/api/v1/repo/commits.go | 1 +
 routers/api/v1/repo/issue.go   | 3 +++
 routers/api/v1/repo/pull.go    | 1 +
 routers/api/v1/repo/repo.go    | 1 +
 routers/api/v1/repo/status.go  | 1 +
 routers/api/v1/user/repo.go    | 2 ++
 routers/api/v1/user/user.go    | 1 +
 routers/repo/download.go       | 2 ++
 14 files changed, 19 insertions(+)

diff --git a/modules/context/context.go b/modules/context/context.go
index b26528f6b2..cc68fb093b 100644
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -222,6 +222,7 @@ func (ctx *Context) ServeContent(name string, r io.ReadSeeker, params ...interfa
 	ctx.Resp.Header().Set("Expires", "0")
 	ctx.Resp.Header().Set("Cache-Control", "must-revalidate")
 	ctx.Resp.Header().Set("Pragma", "public")
+	ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 	http.ServeContent(ctx.Resp, ctx.Req.Request, name, modtime, r)
 }
 
diff --git a/modules/lfs/server.go b/modules/lfs/server.go
index c39bf40d69..f227ebe2eb 100644
--- a/modules/lfs/server.go
+++ b/modules/lfs/server.go
@@ -183,6 +183,7 @@ func getContentHandler(ctx *context.Context) {
 			}
 
 			ctx.Resp.Header().Set("Content-Range", fmt.Sprintf("bytes %d-%d/%d", fromByte, toByte, meta.Size-fromByte))
+			ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Range")
 		}
 	}
 
@@ -204,6 +205,7 @@ func getContentHandler(ctx *context.Context) {
 		decodedFilename, err := base64.RawURLEncoding.DecodeString(filename)
 		if err == nil {
 			ctx.Resp.Header().Set("Content-Disposition", "attachment; filename=\""+string(decodedFilename)+"\"")
+			ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 		}
 	}
 
diff --git a/routers/api/v1/admin/org.go b/routers/api/v1/admin/org.go
index 62d485d821..0fd9e17f41 100644
--- a/routers/api/v1/admin/org.go
+++ b/routers/api/v1/admin/org.go
@@ -121,5 +121,6 @@ func GetAllOrgs(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &orgs)
 }
diff --git a/routers/api/v1/admin/user.go b/routers/api/v1/admin/user.go
index 153ce66d76..a8a573eaf0 100644
--- a/routers/api/v1/admin/user.go
+++ b/routers/api/v1/admin/user.go
@@ -370,5 +370,6 @@ func GetAllUsers(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &results)
 }
diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go
index 1d277521cc..7577700abf 100644
--- a/routers/api/v1/org/org.go
+++ b/routers/api/v1/org/org.go
@@ -135,6 +135,7 @@ func GetAll(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &orgs)
 }
 
diff --git a/routers/api/v1/org/team.go b/routers/api/v1/org/team.go
index 0e92f2edb8..443784fb8b 100644
--- a/routers/api/v1/org/team.go
+++ b/routers/api/v1/org/team.go
@@ -686,6 +686,7 @@ func SearchTeam(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok":   true,
 		"data": apiTeams,
diff --git a/routers/api/v1/repo/commits.go b/routers/api/v1/repo/commits.go
index d383cd500f..8b2dc28bdd 100644
--- a/routers/api/v1/repo/commits.go
+++ b/routers/api/v1/repo/commits.go
@@ -211,6 +211,7 @@ func GetAllCommits(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(commitsCountTotal), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", commitsCountTotal))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, X-PerPage, X-Total, X-PageCount, X-HasMore, Link")
 
 	ctx.JSON(http.StatusOK, &apiCommits)
 }
diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go
index d7bd3cd356..1653b85940 100644
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -173,6 +173,8 @@ func SearchIssues(ctx *context.APIContext) {
 	}
 
 	ctx.SetLinkHeader(issueCount, setting.UI.IssuePagingNum)
+	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", issueCount))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, convert.ToAPIIssueList(issues))
 }
 
@@ -322,6 +324,7 @@ func ListIssues(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(ctx.Repo.Repository.NumIssues, listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", ctx.Repo.Repository.NumIssues))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 
 	ctx.JSON(http.StatusOK, convert.ToAPIIssueList(issues))
 }
diff --git a/routers/api/v1/repo/pull.go b/routers/api/v1/repo/pull.go
index 5fc0cd8cfb..21cc048a69 100644
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -115,6 +115,7 @@ func ListPullRequests(ctx *context.APIContext, form api.ListPullRequestsOptions)
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &apiPrs)
 }
 
diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go
index f812ac6788..93898cd7ef 100644
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -222,6 +222,7 @@ func Search(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(count), opts.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", count))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, api.SearchResults{
 		OK:   true,
 		Data: results,
diff --git a/routers/api/v1/repo/status.go b/routers/api/v1/repo/status.go
index 11af4a0d1b..69661dca91 100644
--- a/routers/api/v1/repo/status.go
+++ b/routers/api/v1/repo/status.go
@@ -227,6 +227,7 @@ func getCommitStatuses(ctx *context.APIContext, sha string) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 
 	ctx.JSON(http.StatusOK, apiStatuses)
 }
diff --git a/routers/api/v1/user/repo.go b/routers/api/v1/user/repo.go
index dbd18f133d..ae5e319c27 100644
--- a/routers/api/v1/user/repo.go
+++ b/routers/api/v1/user/repo.go
@@ -43,6 +43,7 @@ func listUserRepos(ctx *context.APIContext, u *models.User, private bool) {
 
 	ctx.SetLinkHeader(int(count), opts.PageSize)
 	ctx.Header().Set("X-Total-Count", strconv.FormatInt(count, 10))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &apiRepos)
 }
 
@@ -129,6 +130,7 @@ func ListMyRepos(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(count), opts.ListOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", strconv.FormatInt(count, 10))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 	ctx.JSON(http.StatusOK, &results)
 }
 
diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go
index 426501f331..b552c1353a 100644
--- a/routers/api/v1/user/user.go
+++ b/routers/api/v1/user/user.go
@@ -82,6 +82,7 @@ func Search(ctx *context.APIContext) {
 
 	ctx.SetLinkHeader(int(maxResults), listOptions.PageSize)
 	ctx.Header().Set("X-Total-Count", fmt.Sprintf("%d", maxResults))
+	ctx.Header().Set("Access-Control-Expose-Headers", "X-Total-Count, Link")
 
 	ctx.JSON(http.StatusOK, map[string]interface{}{
 		"ok":   true,
diff --git a/routers/repo/download.go b/routers/repo/download.go
index 7ef0574b1d..5ae9475ae7 100644
--- a/routers/repo/download.go
+++ b/routers/repo/download.go
@@ -42,8 +42,10 @@ func ServeData(ctx *context.Context, name string, reader io.Reader) error {
 		ctx.Resp.Header().Set("Content-Type", "text/plain; charset="+strings.ToLower(cs))
 	} else if base.IsImageFile(buf) || base.IsPDFFile(buf) {
 		ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name))
+		ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 	} else {
 		ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, name))
+		ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition")
 	}
 
 	_, err := ctx.Resp.Write(buf)