Endpoint /login/oauth/access_token doesn't return Access-Control-Allow-Methods #3468

Closed
opened 2025-11-02 05:13:45 -06:00 by GiteaMirror · 6 comments

Originally created by @esfraner on GitHub (Jun 14, 2019).

  • Gitea version (or commit ref): bd55f6ff
  • Git version: 2.11.0
  • Operating system: Linux debian
  • Database (use [x]):
    • [ ] PostgreSQL
    • [ ] MySQL
    • [ ] MSSQL
    • [ ] SQLite
  • Can you reproduce the bug at https://try.gitea.io:
    • [ ] Yes (provide example URL)
    • [ ] No
    • [x] Not relevant
  • Log gist:

Description

Endpoint /login/oauth/access_token doesn't return Access-Control-Allow-Methods and gives me a CORS problem.
...

Screenshots

Screenshot_20190614_130928

....

Screenshot_20190614_1259032222

GiteaMirror added the issue/confirmed and type/enhancement labels 2025-11-02 05:13:45 -06:00

@zeripath commented on GitHub (Jun 14, 2019):

What should it return exactly?


@esfraner commented on GitHub (Jun 14, 2019):

@zeripath, as you can see, in this GET method, Access-Control-Request-Method appears with its method:
(No problem with the error 403, I only have to make a test OPTIONS request to show).

Screenshot_20190615_010914

Then the request that I made to the endpoint /login/oauth/access_token should have this header.


@stale[bot] commented on GitHub (Aug 13, 2019):

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.


@sebastianwindeck commented on GitHub (Feb 17, 2021):

Is this issue solved?
I tried to access the endpoint from another resource for dev purposes with [cors] enabled. I would like to enable CORS for the endpoint: /login/oauth/access_token.

How can I enable Gitea in the config file app.ini to set the header:

    add_header 'Access-Control-Allow-Origin' '*';
    add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';

@zeripath commented on GitHub (Mar 1, 2021):

Hmm

I think we might need a block like

https://github.com/go-gitea/gitea/blob/a3cc842e15eb5ed42c3125410d9c774314a286a5/routers/api/v1/api.go#L556-L563

For those Auth routes

https://github.com/go-gitea/gitea/blob/73a093d60f6f09d2f8688585dc45198d1ec507ca/routers/routes/web.go#L385-L391

It will need a little bit of thought to know which need it.
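
What a CORS block on the token route has to do, as an added example that is not Gitea's code or the change in #14850: a net/http wrapper that answers the preflight with Access-Control-Allow-Methods, for allowlisted origins only. The origin allowlist, the "POST, OPTIONS" method list and the stand-in token handler are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed allowlist: echoing a vetted origin instead of '*' limits which sites may call the endpoint.
var allowedOrigins = map[string]bool{"https://app.example.test": true}

// withCORS answers preflights itself and adds CORS headers only for allowlisted origins.
func withCORS(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		origin := r.Header.Get("Origin")
		preflight := r.Method == http.MethodOptions && r.Header.Get("Access-Control-Request-Method") != ""
		w.Header().Add("Vary", "Origin") // response differs per origin
		if allowedOrigins[origin] {
			w.Header().Set("Access-Control-Allow-Origin", origin)
			if preflight {
				w.Header().Set("Access-Control-Allow-Methods", "POST, OPTIONS")
				w.Header().Set("Access-Control-Allow-Headers", "Content-Type, Authorization")
			}
		}
		if preflight {
			w.WriteHeader(http.StatusNoContent) // never reaches the token handler
			return
		}
		next.ServeHTTP(w, r)
	})
}

// preflightResult sends a constructed preflight and returns status and Access-Control-Allow-Methods.
func preflightResult(origin string) (int, string) {
	token := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"access_token":"placeholder"}`) // stand-in handler
	})
	req := httptest.NewRequest(http.MethodOptions, "/login/oauth/access_token", nil)
	req.Header.Set("Origin", origin)
	req.Header.Set("Access-Control-Request-Method", http.MethodPost)
	rec := httptest.NewRecorder()
	withCORS(token).ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Methods")
}

func main() {
	fmt.Println(preflightResult("https://app.example.test"))   // allowlisted origin
	fmt.Println(preflightResult("https://other.example.test")) // not on the allowlist
}
```

An origin that is not on the allowlist still gets a 204, but with no CORS headers, so the browser blocks the cross-origin call.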


@zeripath commented on GitHub (Mar 2, 2021):

@esfraner @sebastianwindeck Would you be able to try #14850 to see if that fixes your issue?

Reference: github-starred/gitea#3468