api: make CORS work by handling preflight OPTIONS request (#4264)

* make CORS work by handling preflight OPTIONS request * Update api.go
8 years ago · b9bb4a62d6
2 changed files with 6 additions and 0 deletions
--- a/modules/context/context.go
+++ b/modules/context/context.go
@ -159,6 +159,9 @@ func Contexter() macaron.Handler {

 		if len(setting.HTTP.AccessControlAllowOrigin) > 0 {
 			ctx.Header().Set("Access-Control-Allow-Origin", setting.HTTP.AccessControlAllowOrigin)
+			ctx.Header().Set("'Access-Control-Allow-Credentials' ", "true")
+			ctx.Header().Set("Access-Control-Max-Age", "3600")
+			ctx.Header().Set("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With")
 		}

 		// Compute current URL for real-time change language.
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@ -173,6 +173,9 @@ func RegisterRoutes(m *macaron.Macaron) {
 	bind := binding.Bind

 	m.Group("/v1", func() {
+		// Handle preflight OPTIONS request
+		m.Options("/*", func() {})
+
 		// Miscellaneous
 		m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)
 		m.Post("/markdown/raw", misc.MarkdownRaw)