From 94210633ae64dcd1f5f9bdb046f888be526fe2da Mon Sep 17 00:00:00 2001
From: wxiaoguang <wxiaoguang@gmail.com>
Date: Thu, 20 Apr 2023 03:30:10 +0800
Subject: [PATCH] Fix incorrect CORS default values (#24206)

Document:

```
;ALLOW_DOMAIN = *
;METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
```

Co-authored-by: Giteabot <teabot@gitea.io>
---
 modules/setting/cors.go | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/modules/setting/cors.go b/modules/setting/cors.go
index 260848b5df..bafbbab64f 100644
--- a/modules/setting/cors.go
+++ b/modules/setting/cors.go
@@ -21,9 +21,10 @@ var CORSConfig = struct {
 	Headers          []string
 	XFrameOptions    string
 }{
-	Enabled:       false,
-	MaxAge:        10 * time.Minute,
+	AllowDomain:   []string{"*"},
+	Methods:       []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "OPTIONS"},
 	Headers:       []string{"Content-Type", "User-Agent"},
+	MaxAge:        10 * time.Minute,
 	XFrameOptions: "SAMEORIGIN",
 }