Run CORS handler first for /api routes (#7967)

Signed-off-by: Tamal Saha <tamal@appscode.com>
This commit is contained in:
Tamal Saha 2019-08-26 04:33:06 -07:00 committed by Antoine GIRARD
parent 5409dec8fd
commit 6b3f52fe5f
2 changed files with 8 additions and 9 deletions

View file

@ -75,7 +75,6 @@ import (
"code.gitea.io/gitea/routers/api/v1/user" "code.gitea.io/gitea/routers/api/v1/user"
"gitea.com/macaron/binding" "gitea.com/macaron/binding"
"gitea.com/macaron/cors"
"gitea.com/macaron/macaron" "gitea.com/macaron/macaron"
) )
@ -502,12 +501,6 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/swagger", misc.Swagger) //Render V1 by default m.Get("/swagger", misc.Swagger) //Render V1 by default
} }
var handlers []macaron.Handler
if setting.EnableCORS {
handlers = append(handlers, cors.CORS(setting.CORSConfig))
}
handlers = append(handlers, securityHeaders(), context.APIContexter(), sudo())
m.Group("/v1", func() { m.Group("/v1", func() {
// Miscellaneous // Miscellaneous
if setting.API.EnableSwagger { if setting.API.EnableSwagger {
@ -853,7 +846,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/topics", func() { m.Group("/topics", func() {
m.Get("/search", repo.TopicSearch) m.Get("/search", repo.TopicSearch)
}) })
}, handlers...) }, securityHeaders(), context.APIContexter(), sudo())
} }
func securityHeaders() macaron.Handler { func securityHeaders() macaron.Handler {

View file

@ -41,6 +41,7 @@ import (
"gitea.com/macaron/binding" "gitea.com/macaron/binding"
"gitea.com/macaron/cache" "gitea.com/macaron/cache"
"gitea.com/macaron/captcha" "gitea.com/macaron/captcha"
"gitea.com/macaron/cors"
"gitea.com/macaron/csrf" "gitea.com/macaron/csrf"
"gitea.com/macaron/i18n" "gitea.com/macaron/i18n"
"gitea.com/macaron/macaron" "gitea.com/macaron/macaron"
@ -951,9 +952,14 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/swagger.v1.json", templates.JSONRenderer(), routers.SwaggerV1Json) m.Get("/swagger.v1.json", templates.JSONRenderer(), routers.SwaggerV1Json)
} }
var handlers []macaron.Handler
if setting.EnableCORS {
handlers = append(handlers, cors.CORS(setting.CORSConfig))
}
handlers = append(handlers, ignSignIn)
m.Group("/api", func() { m.Group("/api", func() {
apiv1.RegisterRoutes(m) apiv1.RegisterRoutes(m)
}, ignSignIn) }, handlers...)
m.Group("/api/internal", func() { m.Group("/api/internal", func() {
// package name internal is ideal but Golang is not allowed, so we use private as package name. // package name internal is ideal but Golang is not allowed, so we use private as package name.