Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/api/oauth2.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r--doc/api/oauth2.md11
1 files changed, 8 insertions, 3 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index be58d75333d..35c6eb4a982 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -15,16 +15,21 @@ To configure GitLab for this, see
This functionality is based on the [doorkeeper Ruby gem](https://github.com/doorkeeper-gem/doorkeeper).
-## CORS preflight requests
+## Cross-origin resource sharing
-> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/364680) in GitLab 15.1.
+> CORS preflight request support [introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/364680) in GitLab 15.1.
-The following endpoints support [CORS preflight requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS):
+Many `/oauth` endpoints support cross-origin resource sharing (CORS). From GitLab 15.1, the following endpoints also
+support [CORS preflight requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS):
- `/oauth/revoke`
- `/oauth/token`
- `/oauth/userinfo`
+In addition to the headers listed for [simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests),
+only the `Authorization` header can be used for preflight requests. For example, the `X-Requested-With` header
+can't be used for preflight requests.
+
## Supported OAuth 2.0 flows
GitLab supports the following authorization flows:
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-31 06:55:24 +0300