diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2022-07-20 18:40:28 +0300 |
commit | b595cb0c1dec83de5bdee18284abe86614bed33b (patch) | |
tree | 8c3d4540f193c5ff98019352f554e921b3a41a72 /doc/api/oauth2.md | |
parent | 2f9104a328fc8a4bddeaa4627b595166d24671d0 (diff) |
Add latest changes from gitlab-org/gitlab@15-2-stable-eev15.2.0-rc42
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- | doc/api/oauth2.md | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index be58d75333d..35c6eb4a982 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -15,16 +15,21 @@ To configure GitLab for this, see This functionality is based on the [doorkeeper Ruby gem](https://github.com/doorkeeper-gem/doorkeeper). -## CORS preflight requests +## Cross-origin resource sharing -> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/364680) in GitLab 15.1. +> CORS preflight request support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/364680) in GitLab 15.1. -The following endpoints support [CORS preflight requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS): +Many `/oauth` endpoints support cross-origin resource sharing (CORS). From GitLab 15.1, the following endpoints also +support [CORS preflight requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS): - `/oauth/revoke` - `/oauth/token` - `/oauth/userinfo` +In addition to the headers listed for [simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests), +only the `Authorization` header can be used for preflight requests. For example, the `X-Requested-With` header +can't be used for preflight requests. + ## Supported OAuth 2.0 flows GitLab supports the following authorization flows: |