Using gitea as OIDC provider - CORS problem #28515
Comments
Same as #28184 (comment), the
As suggested I tested with a local build image containing the following modification in routers/web/web.go:
Unfortunately this does not fix CORS problem. Comparing requests from inside the docker container to
According to Understanding the Importance of “Vary: Origin” to Prevent Cache Confusion and CORS Errors this might be the root cause why CORS is not working as expected. Unfortunately I am not that deep dived enough to fix missing
Thank you for your PR. After #28583 gets merged, I will propose some following fixes.
Follow go-gitea#28184 Follow go-gitea#28515 Fix problem with 405 method not allowed for CORS wrt OIDC
Backport #28583 by @morphelinho Follow #28184 Follow #28515 Fix problem with 405 method not allowed for CORS wrt OIDC Co-authored-by: morphelinho <[email protected]>
-> Refactor CORS handler #28587
The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix go-gitea#28515 Fix go-gitea#27642 Fix go-gitea#17098 # Conflicts: # tests/integration/cors_test.go
Description
I want to use my own hosted gitea instance as OIDC provider for a test SPA based on angular-oauth2-oidc.
Request for oidc discovery is blocked with error message:
Access to XMLHttpRequest at 'https://gitea-instance/.well-known/openid-configuration' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Enabling cors in gitea-instance via
does unblock this request but the follow up request for autodiscovery is blocked too:
Access to XMLHttpRequest at 'https://gitea-instance/login/oauth/keys' from origin 'http://localhost:4200' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Any help would be appreciated.
Gitea Version
Gitea version: 1.21.2 built with GNU Make 4.4.1, go1.21.5 : bindata, timetzdata, sqlite, sqlite_unlock_notify
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
Docker image gitea/gitea:latest in self hosted bare metal kubernetes single node cluster.
Database
None
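As an added illustration (not Gitea's CORS handler and not code from this issue), a minimal Go middleware showing the two behaviours the thread points to: answering the OPTIONS preflight instead of letting a GET-only route return 405, and sending `Vary: Origin` alongside an exact-match origin allowlist. The allowlist contents, the `Authorization` allow-header, and the names `cors`, `keysEndpoint` and `probe` are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed allowlist: the SPA origin quoted in the issue.
var allowedOrigins = map[string]bool{"http://localhost:4200": true}

// cors is a hypothetical allowlist middleware, not Gitea's handler.
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// The response differs per Origin, so caches must key on it.
		w.Header().Add("Vary", "Origin")
		if origin := r.Header.Get("Origin"); allowedOrigins[origin] { // exact match only
			w.Header().Set("Access-Control-Allow-Origin", origin)
			w.Header().Set("Access-Control-Allow-Methods", "GET, OPTIONS") // read on preflight
			w.Header().Set("Access-Control-Allow-Headers", "Authorization") // assumed header
		}
		// Answer preflights here; a GET-only route would reply 405 to OPTIONS.
		if r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != "" {
			w.WriteHeader(http.StatusNoContent)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// keysEndpoint stands in for a GET-only route such as /login/oauth/keys.
func keysEndpoint(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodGet {
		w.WriteHeader(http.StatusMethodNotAllowed)
		return
	}
	fmt.Fprint(w, `{"keys":[]}`)
}

// probe sends one constructed request through cors and returns the response.
func probe(method, origin string) *http.Response {
	req := httptest.NewRequest(method, "/login/oauth/keys", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", "GET") // ignored unless OPTIONS
	rec := httptest.NewRecorder()
	cors(http.HandlerFunc(keysEndpoint)).ServeHTTP(rec, req)
	return rec.Result()
}

func main() { fmt.Println(probe("OPTIONS", "http://localhost:4200").Header) }
```

An origin outside the allowlist still receives `Vary: Origin` but no `Access-Control-Allow-Origin`, so the browser refuses to expose the response to that page.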