Run CORS handler first for /api routes (#7967)
Signed-off-by: Tamal Saha <tamal@appscode.com>
This commit is contained in:
parent
5409dec8fd
commit
6b3f52fe5f
2 changed files with 8 additions and 9 deletions
|
@ -75,7 +75,6 @@ import (
|
||||||
"code.gitea.io/gitea/routers/api/v1/user"
|
"code.gitea.io/gitea/routers/api/v1/user"
|
||||||
|
|
||||||
"gitea.com/macaron/binding"
|
"gitea.com/macaron/binding"
|
||||||
"gitea.com/macaron/cors"
|
|
||||||
"gitea.com/macaron/macaron"
|
"gitea.com/macaron/macaron"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -502,12 +501,6 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Get("/swagger", misc.Swagger) //Render V1 by default
|
m.Get("/swagger", misc.Swagger) //Render V1 by default
|
||||||
}
|
}
|
||||||
|
|
||||||
var handlers []macaron.Handler
|
|
||||||
if setting.EnableCORS {
|
|
||||||
handlers = append(handlers, cors.CORS(setting.CORSConfig))
|
|
||||||
}
|
|
||||||
handlers = append(handlers, securityHeaders(), context.APIContexter(), sudo())
|
|
||||||
|
|
||||||
m.Group("/v1", func() {
|
m.Group("/v1", func() {
|
||||||
// Miscellaneous
|
// Miscellaneous
|
||||||
if setting.API.EnableSwagger {
|
if setting.API.EnableSwagger {
|
||||||
|
@ -853,7 +846,7 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Group("/topics", func() {
|
m.Group("/topics", func() {
|
||||||
m.Get("/search", repo.TopicSearch)
|
m.Get("/search", repo.TopicSearch)
|
||||||
})
|
})
|
||||||
}, handlers...)
|
}, securityHeaders(), context.APIContexter(), sudo())
|
||||||
}
|
}
|
||||||
|
|
||||||
func securityHeaders() macaron.Handler {
|
func securityHeaders() macaron.Handler {
|
||||||
|
|
|
@ -41,6 +41,7 @@ import (
|
||||||
"gitea.com/macaron/binding"
|
"gitea.com/macaron/binding"
|
||||||
"gitea.com/macaron/cache"
|
"gitea.com/macaron/cache"
|
||||||
"gitea.com/macaron/captcha"
|
"gitea.com/macaron/captcha"
|
||||||
|
"gitea.com/macaron/cors"
|
||||||
"gitea.com/macaron/csrf"
|
"gitea.com/macaron/csrf"
|
||||||
"gitea.com/macaron/i18n"
|
"gitea.com/macaron/i18n"
|
||||||
"gitea.com/macaron/macaron"
|
"gitea.com/macaron/macaron"
|
||||||
|
@ -951,9 +952,14 @@ func RegisterRoutes(m *macaron.Macaron) {
|
||||||
m.Get("/swagger.v1.json", templates.JSONRenderer(), routers.SwaggerV1Json)
|
m.Get("/swagger.v1.json", templates.JSONRenderer(), routers.SwaggerV1Json)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
var handlers []macaron.Handler
|
||||||
|
if setting.EnableCORS {
|
||||||
|
handlers = append(handlers, cors.CORS(setting.CORSConfig))
|
||||||
|
}
|
||||||
|
handlers = append(handlers, ignSignIn)
|
||||||
m.Group("/api", func() {
|
m.Group("/api", func() {
|
||||||
apiv1.RegisterRoutes(m)
|
apiv1.RegisterRoutes(m)
|
||||||
}, ignSignIn)
|
}, handlers...)
|
||||||
|
|
||||||
m.Group("/api/internal", func() {
|
m.Group("/api/internal", func() {
|
||||||
// package name internal is ideal but Golang is not allowed, so we use private as package name.
|
// package name internal is ideal but Golang is not allowed, so we use private as package name.
|
||||||
|
|
Loading…
Reference in a new issue