OAuth2 provider and CORS #11086

Closed
opened 2025-11-02 09:27:12 -06:00 by GiteaMirror · 4 comments

Originally created by @acquleo on GitHub (Jun 23, 2023).

Description

I'm trying to integrate Gitea OpenID Connect authentication from another website.
I have configured the following CORS parameters:
[cors]
ENABLED = true
ALLOW_DOMAIN = *
ALLOW_CREDENTIALS = true

It looks like CORS is working on the API, so if I try to call /packages/{owner}?, the browser includes the Origin header in the request and the Gitea response includes:
Access-Control-Allow-Origin: *

Then, if I try to use OAuth2 provider authentication, the Gitea response doesn't include Access-Control-Allow-Origin, generating the following CORS error:

Access to XMLHttpRequest at 'http://<ip>:3000/.well-known/openid-configuration' from origin 'http://<ip2>:8085' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How can I fix this?

Thanks

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

Ubuntu 22.04.2 LTS

How are you running Gitea?

I'm running Gitea as a stack on a Docker Swarm node.
image: gitea/gitea:1.19.3
image: postgres:11-alpine

Database

PostgreSQL

GiteaMirror added the type/bug label 2025-11-02 09:27:12 -06:00

@acquleo commented on GitHub (Jun 23, 2023):

Added Wireshark trace:
https://drive.google.com/file/d/1xpmX0k0MHbEcz_MOQZn4GimcX-esPNUO/view?usp=sharing


@silverwind commented on GitHub (Jun 23, 2023):

OAuth to my knowledge does not require CORS. What are you trying to do?


@acquleo commented on GitHub (Jun 23, 2023):

I'm trying to delegate user OAuth2 authentication to Gitea from another website and get a session token to be used to call the Gitea API.
In detail:

  • user opens custom_website
  • clicks the login button
  • custom_website navigates to the OAuth2 authentication page of Gitea
  • user enters credentials in Gitea
  • Gitea redirects from the login page to custom_website, passing the user access token
  • custom_website uses the access token to call the Gitea API

@wxiaoguang commented on GitHub (Jun 29, 2023):

It's not documented, but the CORS only applies to these handlers:

![image](https://github.com/go-gitea/gitea/assets/2114189/4e9620de-5e93-498a-893f-938e238fc634)

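To make the difference between the two responses in this report concrete, here is an added example (not code from the issue or from Gitea) that emulates the browser-side CORS response check: the API handler answering with the wildcard passes, the discovery endpoint without any CORS middleware is blocked with exactly the reported error, and, as a caveat for the `ALLOW_CREDENTIALS = true` setting above, a wildcard origin is also rejected once the request carries credentials. The client origin and the response headers are constructed stand-ins for the reporter's hosts.

```javascript
// Constructed placeholder for the reporter's 'http://<ip2>:8085' origin.
const CLIENT_ORIGIN = 'http://client.example:8085';

// Simplified browser CORS response check: Allow-Origin must be "*" or the
// exact request Origin; "*" is rejected when the request carries credentials,
// and a credentialed request also needs Allow-Credentials: true.
function corsDecision(origin, headers, withCredentials) {
  const norm = {};
  for (const [k, v] of Object.entries(headers)) norm[k.toLowerCase()] = v;
  const allowOrigin = norm['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: "No 'Access-Control-Allow-Origin' header is present" };
  }
  if (allowOrigin === '*') {
    if (withCredentials) {
      return { allowed: false, reason: "wildcard '*' is not permitted with credentials" };
    }
    return { allowed: true, reason: 'wildcard origin' };
  }
  if (allowOrigin !== origin) {
    return { allowed: false, reason: `Allow-Origin '${allowOrigin}' does not match '${origin}'` };
  }
  if (withCredentials && norm['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'credentialed request without Allow-Credentials: true' };
  }
  return { allowed: true, reason: 'origin matched' };
}

// Constructed responses modelled on the report: the API route goes through
// the CORS middleware and answers with "*", the OIDC discovery route does not.
const RESPONSES = {
  '/packages/{owner}': { 'Content-Type': 'application/json', 'Access-Control-Allow-Origin': '*' },
  '/.well-known/openid-configuration': { 'Content-Type': 'application/json' },
};

// Decide whether a fetch from CLIENT_ORIGIN to one of the paths above would succeed.
function checkEndpoint(path, withCredentials = false) {
  return corsDecision(CLIENT_ORIGIN, RESPONSES[path], withCredentials);
}

for (const path of Object.keys(RESPONSES)) {
  const r = checkEndpoint(path);
  console.log(`${r.allowed ? 'ALLOWED' : 'BLOCKED'} ${path}: ${r.reason}`);
}
```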