afd88a2418
* Allow setting X-FRAME-OPTIONS This PR provides a mechanism to set the X-FRAME-OPTIONS header. Fix #7951 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update docs/content/doc/advanced/config-cheat-sheet.en-us.md Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
41 lines
836 B
Go
41 lines
836 B
Go
// Copyright 2019 The Gitea Authors. All rights reserved.
|
|
// Use of this source code is governed by a MIT-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
package setting
|
|
|
|
import (
|
|
"time"
|
|
|
|
"code.gitea.io/gitea/modules/log"
|
|
)
|
|
|
|
var (
|
|
// CORSConfig defines CORS settings
|
|
CORSConfig = struct {
|
|
Enabled bool
|
|
Scheme string
|
|
AllowDomain []string
|
|
AllowSubdomain bool
|
|
Methods []string
|
|
MaxAge time.Duration
|
|
AllowCredentials bool
|
|
XFrameOptions string
|
|
}{
|
|
Enabled: false,
|
|
MaxAge: 10 * time.Minute,
|
|
XFrameOptions: "SAMEORIGIN",
|
|
}
|
|
)
|
|
|
|
func newCORSService() {
|
|
sec := Cfg.Section("cors")
|
|
if err := sec.MapTo(&CORSConfig); err != nil {
|
|
log.Fatal("Failed to map cors settings: %v", err)
|
|
}
|
|
|
|
if CORSConfig.Enabled {
|
|
log.Info("CORS Service Enabled")
|
|
}
|
|
}
|