aboutsummaryrefslogtreecommitdiff
path: root/custom
diff options
context:
space:
mode:
authorDrew Noel2022-11-11 01:39:27 -0500
committerGitHub2022-11-11 14:39:27 +0800
commit2cbea23d700df9a45899e5de40e93e1a73354ce1 (patch)
tree5df074cfe7ad301b4ccc1e19b1a45e91178e03ed /custom
parentfb704f6c7248a13b29300e161bd28c52115aeb22 (diff)
Add configuration for CORS allowed headers (#21747)
This PR enhances the CORS middleware usage by allowing for the headers to be configured in `app.ini`. Fixes #21746 Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'custom')
-rw-r--r--custom/conf/app.example.ini3
1 files changed, 3 insertions, 0 deletions
diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 9f41fdb08..8e85394d3 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -1138,6 +1138,9 @@ ROUTER = console
;; allow request with credentials
;ALLOW_CREDENTIALS = false
;;
+;; headers to permit
+;HEADERS = Content-Type,User-Agent
+;;
;; set X-FRAME-OPTIONS header
;X_FRAME_OPTIONS = SAMEORIGIN