Closed elapse2039 closed 2 months ago
I ever worked on the CORS related code ( Refactor CORS handler #28587 ). IIRC the minimal config is:
[cors]
ENABLED = true
; or also comment the ALLOW_DOMAIN out:: list of requesting origins that are allowed, eg: "https://*.example.com", default to "*"
;ALLOW_DOMAIN = *
(unfortunately there is no easy way to check from console to see whether the config is correctly applied .... if the config file is right, it should work IMO)
Thanks for the clarification.
I am not seeing this make any difference.
One detail: The gitea server is behind an NGINX transparent proxy.
Possibly a solution.... I have found by adding a set of CORS headers that specify allowed origins for myserver.mydomain.com to the NGINX gitea proxy then myserver.mydomain.com can successfully make calls to gitea.mydomain.com.
Questions...
I am not sure if CORS headers are expected to traverse a NGINX proxy?
I havent tried placing Gitea service in front... but wondering if you would/should have CORS defined at NGINX or whether there is a problem with Gitea CORS?
Questions...
I am not sure if CORS headers are expected to traverse a NGINX proxy?
According to #28587 and related user feedbacks, I think Gitea should be able to handle CORS correctly. No idea why it doesn't respond correctly in your environment.
If the CORS is correctly enabled, you could see a startup log saying: CORS Service Enabled
We close issues that need feedback from the author if there were no new comments for a month. :tea:
Description
I have run into a CORS issue that I am maybe misunderstanding or misconfiguration.
What I'm wondering is which thing (the server or gitea) is complaining about CORS during the OAuth flow?
(Please note: I've replaced domain with mydomain.com)
I have...
In Swagger, I open the popup and when I authorize I get directed to Gitea website to login successfully but when coming back to the Swagger page, I see some flickering and this screenshot.
I see this in my browser console...
(I dont get why there is a NS_ERROR_DOM_BAD_URI error.)
In fastapi project, I have included CORS
In Gitea I've also tried enabling CORS... but I dont see this appear in the Gitea Console.
The OAuth flow is based on FastAPI docs and had some success integrating to Gitea OAuth Provider if I have explict APIs but not if I try and use Swagger UI which is what I'd really like to have working.
So my two questions:
Gitea Version
1.22
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
linux
How are you running Gitea?
Self hosted via docker compose.
Database
None