Skip to content

Commit 1e89768

Browse files
silverwindsilverwind
committed
pair optionsCorsHandler with optSignInAnyOrigin
1 parent 4b77d13 commit 1e89768

File tree

1 file changed

+5
-5
lines changed

1 file changed

+5
-5
lines changed

routers/web/web.go

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -234,7 +234,7 @@ func Routes() *web.Router {
234234
routes := web.NewRouter()
235235

236236
routes.Head("/", misc.DummyOK) // for health check - doesn't need to be passed through gzip handler
237-
routes.Methods("GET, HEAD, OPTIONS", "/assets/*", optionsCorsHandler(), public.FileHandlerFunc())
237+
routes.Methods("GET, HEAD, OPTIONS", "/assets/*", optSignInAnyOrigin, optionsCorsHandler(), public.FileHandlerFunc())
238238
routes.Methods("GET, HEAD", "/avatars/*", avatarStorageHandler(setting.Avatar.Storage, "avatars", storage.Avatars))
239239
routes.Methods("GET, HEAD", "/repo-avatars/*", avatarStorageHandler(setting.RepoAvatar.Storage, "repo-avatars", storage.RepoAvatars))
240240
routes.Methods("GET, HEAD", "/apple-touch-icon.png", misc.StaticRedirect("/assets/img/apple-touch-icon.png"))
@@ -484,12 +484,12 @@ func registerWebRoutes(m *web.Router) {
484484
})
485485
m.Get("/passkey-endpoints", passkeyEndpoints)
486486
m.Methods("GET, HEAD", "/*", public.FileHandlerFunc())
487-
}, optionsCorsHandler())
487+
}, optSignInAnyOrigin, optionsCorsHandler())
488488

489489
m.Post("/-/markup", reqSignIn, web.Bind(structs.MarkupOption{}), misc.Markup)
490490

491491
m.Get("/-/web-theme/list", misc.WebThemeList)
492-
m.Post("/-/web-theme/apply", optSignInAnyOrigin, misc.WebThemeApply)
492+
m.Post("/-/web-theme/apply", misc.WebThemeApply)
493493

494494
m.Group("/explore", func() {
495495
m.Get("", func(ctx *context.Context) {
@@ -824,7 +824,7 @@ func registerWebRoutes(m *web.Router) {
824824

825825
m.Group("", func() {
826826
m.Get("/{username}", user.UsernameSubRoute)
827-
m.Methods("GET, OPTIONS", "/attachments/{uuid}", optionsCorsHandler(), repo.GetAttachment)
827+
m.Methods("GET, OPTIONS", "/attachments/{uuid}", optionsCorsHandler(), optSignInAnyOrigin, repo.GetAttachment)
828828
}, optSignIn)
829829

830830
m.Post("/{username}", reqSignIn, context.UserAssignmentWeb(), user.ActionUserFollow)
@@ -1655,7 +1655,7 @@ func registerWebRoutes(m *web.Router) {
16551655
m.Post("/action/{action:accept_transfer|reject_transfer}", reqSignIn, repo.ActionTransfer)
16561656
}, optSignIn, context.RepoAssignment)
16571657

1658-
common.AddOwnerRepoGitLFSRoutes(m, optSignInAnyOrigin, lfsServerEnabled) // "/{username}/{reponame}/{lfs-paths}": git-lfs support
1658+
common.AddOwnerRepoGitLFSRoutes(m, lfsServerEnabled) // "/{username}/{reponame}/{lfs-paths}": git-lfs support
16591659

16601660
addOwnerRepoGitHTTPRouters(m) // "/{username}/{reponame}/{git-paths}": git http support
16611661

0 commit comments

Comments
 (0)