Skip to content

Commit

Permalink
Run CORS handler first for /api routes (go-gitea#7967)
Browse files Browse the repository at this point in the history
Signed-off-by: Tamal Saha <tamal@appscode.com>
  • Loading branch information
tamalsaha committed Sep 2, 2019
1 parent 3cc7288 commit f7d9619
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 9 deletions.
9 changes: 1 addition & 8 deletions routers/api/v1/api.go
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,6 @@ import (
"code.gitea.io/gitea/routers/api/v1/user"

"github.com/go-macaron/binding"
"github.com/go-macaron/cors"
macaron "gopkg.in/macaron.v1"
)

Expand Down Expand Up @@ -501,12 +500,6 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/swagger", misc.Swagger) //Render V1 by default
}

var handlers []macaron.Handler
if setting.EnableCORS {
handlers = append(handlers, cors.CORS(setting.CORSConfig))
}
handlers = append(handlers, securityHeaders(), context.APIContexter(), sudo())

m.Group("/v1", func() {
// Miscellaneous
if setting.API.EnableSwagger {
Expand Down Expand Up @@ -852,7 +845,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Group("/topics", func() {
m.Get("/search", repo.TopicSearch)
})
}, handlers...)
}, securityHeaders(), context.APIContexter(), sudo())
}

func securityHeaders() macaron.Handler {
Expand Down
8 changes: 7 additions & 1 deletion routers/routes/routes.go
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@ import (
"github.com/go-macaron/binding"
"github.com/go-macaron/cache"
"github.com/go-macaron/captcha"
"github.com/go-macaron/cors"
"github.com/go-macaron/csrf"
"github.com/go-macaron/i18n"
"github.com/go-macaron/session"
Expand Down Expand Up @@ -947,9 +948,14 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Get("/swagger.v1.json", templates.JSONRenderer(), routers.SwaggerV1Json)
}

var handlers []macaron.Handler
if setting.EnableCORS {
handlers = append(handlers, cors.CORS(setting.CORSConfig))
}
handlers = append(handlers, ignSignIn)
m.Group("/api", func() {
apiv1.RegisterRoutes(m)
}, ignSignIn)
}, handlers...)

m.Group("/api/internal", func() {
// package name internal is ideal but Golang is not allowed, so we use private as package name.
Expand Down

0 comments on commit f7d9619

Please sign in to comment.