Custom Access-Control-Allow-Origin header in raw data

[edoaxyz]

Description

I noticed that raw data are sent without including the Access-Control-Allow-Origin header. This is necessary if someone wants to use this data with javascript because Chrome (or other web browsers) won't accept this data without this header specified as Access-Control-Allow-Origin:"*". Another issue like this was submitted in Gogs and I noticed that it's already been closed.

[lafriks]

Setting to * is insecure and can be abused

[edoaxyz]

I requested it as a custom feature that can be set in app.ini and if someone wants to apply it is at his own risk.

[sapk]

@edoaxyz It would be more logical to use a reverse proxy to do custom use case. You can use various webserver to do the job like Apache, nginx, caddy, traefik, etc ...

[sapk]

For example you can find basic configuration on gitea docs or even on archlinux wiki

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.

[techknowlogick]

This now exists in Gitea