Commit 923a1f7a authored by Rémy Coutable's avatar Rémy Coutable

Merge branch 'master' of dev.gitlab.org:gitlab/gitlabhq

parents 0a42c6a2 0ee03af8
......@@ -99,13 +99,24 @@ module Gitlab
config.action_view.sanitized_allowed_protocols = %w(smb)
config.middleware.use Rack::Attack
config.middleware.insert_before Warden::Manager, Rack::Attack
# Allow access to GitLab API from other domains
config.middleware.use Rack::Cors do
config.middleware.insert_before Warden::Manager, Rack::Cors do
allow do
origins Gitlab.config.gitlab.url
resource '/api/*',
credentials: true,
headers: :any,
methods: :any,
expose: ['Link']
end
# Cross-origin requests must not have the session cookie available
allow do
origins '*'
resource '/api/*',
credentials: false,
headers: :any,
methods: :any,
expose: ['Link']
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment