zeripath afd88a2418
Allow setting X-FRAME-OPTIONS (#16643)
* Allow setting X-FRAME-OPTIONS

This PR provides a mechanism to set the X-FRAME-OPTIONS header.

Fix #7951

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: John Olheiser <john.olheiser@gmail.com>

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2021-08-06 16:47:10 -04:00

41 lines
836 B
Go

// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package setting
import (
"time"
"code.gitea.io/gitea/modules/log"
)
var (
// CORSConfig defines CORS settings
CORSConfig = struct {
Enabled bool
Scheme string
AllowDomain []string
AllowSubdomain bool
Methods []string
MaxAge time.Duration
AllowCredentials bool
XFrameOptions string
}{
Enabled: false,
MaxAge: 10 * time.Minute,
XFrameOptions: "SAMEORIGIN",
}
)
func newCORSService() {
sec := Cfg.Section("cors")
if err := sec.MapTo(&CORSConfig); err != nil {
log.Fatal("Failed to map cors settings: %v", err)
}
if CORSConfig.Enabled {
log.Info("CORS Service Enabled")
}
}