From 2e6e5bc9c96ebb760f28c08423bb0c244ca7e01c Mon Sep 17 00:00:00 2001 From: Giteabot Date: Wed, 19 Apr 2023 16:23:25 -0400 Subject: [PATCH] Fix incorrect CORS default values (#24206) (#24217) Backport #24206 by @wxiaoguang Document: ``` ;ALLOW_DOMAIN = * ;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS ``` Co-authored-by: wxiaoguang --- modules/setting/cors.go | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/setting/cors.go b/modules/setting/cors.go index 260848b5df33..bafbbab64f99 100644 --- a/modules/setting/cors.go +++ b/modules/setting/cors.go @@ -21,9 +21,10 @@ var CORSConfig = struct { Headers []string XFrameOptions string }{ - Enabled: false, - MaxAge: 10 * time.Minute, + AllowDomain: []string{"*"}, + Methods: []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"}, Headers: []string{"Content-Type", "User-Agent"}, + MaxAge: 10 * time.Minute, XFrameOptions: "SAMEORIGIN", }