Skip to content

Gitea 1.24.4 completely ignores valid [cors] section in app.ini #35237

New issue
New issue
Open
Open
Gitea 1.24.4 completely ignores valid [cors] section in app.ini#35237
Labels
issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detailtype/bug
@DhruvaSambrani

Description

@DhruvaSambrani
DhruvaSambrani
opened on Aug 8, 2025

Description

Gitea Version: 1.24.4
Database: Postgres
Running Environment: Docker

Bug Description

My Gitea instance (v1.24.4, running in Docker) completely fails to parse and apply the [cors] section from my app.ini file. Other sections of the app.ini are read and applied correctly, but the [cors] block is entirely ignored, as if it does not exist.

The primary symptom is that the [cors] section does not appear at all in the Site Administration -> Configuration view, and therefore no CORS headers are sent on API responses (specifically tested against /swagger.v1.json).

Troubleshooting Steps Performed

I have taken the following extensive troubleshooting steps, which lead me to believe this is a parsing bug within Gitea:

  1. Confirmed app.ini is Loaded: Changes to other sections (e.g., [server], [repository]) are correctly reflected in the Admin Configuration view and in Gitea's behavior. This confirms my Docker volume is mounted correctly and the file is being read.
  2. Checked for Environment Variable Overrides: I have confirmed by running env | grep GITEA__ inside the container that there are no GITEA__cors__ environment variables set that would override the app.ini.
  3. Identified and Fixed Initial app.ini Error: My initial configuration had an invalid key ACCESS_CONTROL_ALLOW_ORIGIN = * under the [repository] section. This syntax error was found and has been removed.
  4. Tested After Fixing app.ini: Even after removing the invalid line and restarting Gitea, the [cors] section is still not parsed and does not appear in the admin configuration view.
  5. Replaced [cors] Block: I have replaced the [cors] block multiple times with known-good, minimal configurations to rule out syntax or character-encoding issues. The issue persists.

The expected behavior is that Gitea should parse the valid [cors] section and apply the configuration. The actual behavior is that the section is silently ignored.

Relevant app.ini Configuration

This is the current, corrected app.ini file that demonstrates the issue. The [cors] section below is still not being loaded by Gitea.

APP_NAME = Gitea: MEOW iM
RUN_MODE = prod
RUN_USER = git
WORK_PATH = /data/gitea

[repository]
ROOT = /data/git/repositories

[repository.local]
LOCAL_COPY_PATH = /data/gitea/tmp/local-repo

[repository.upload]
TEMP_PATH = /data/gitea/uploads

[cors]
ENABLED = true
ALLOW_DOMAIN = https://homer.rove-koi.ts.net
METHODS = GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
ALLOW_CREDENTIALS = true

[server]
APP_DATA_PATH = /data/gitea
DOMAIN = git.rove-koi.ts.net
SSH_DOMAIN = git.rove-koi.ts.net
HTTP_PORT = 3000
ROOT_URL = https://git.rove-koi.ts.net/
DISABLE_SSH = false
SSH_PORT = 22
SSH_LISTEN_PORT = 22
LFS_START_SERVER = true
LFS_JWT_SECRET = [REDACTED]
OFFLINE_MODE = false

[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = db:5432
NAME = gitea
USER = gitea
PASSWD = gitea
LOG_SQL = false
SCHEMA = 
SSL_MODE = disable
CHARSET = utf8

[indexer]
ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve

[session]
PROVIDER_CONFIG = /data/gitea/sessions
PROVIDER = file

[picture]
AVATAR_UPLOAD_PATH = /data/gitea/avatars
REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
DISABLE_GRAVATAR = true
ENABLE_FEDERATED_AVATAR = false

[attachment]
PATH = /data/gitea/attachments

[log]
MODE = console
LEVEL = info
ROOT_PATH = /data/gitea/log

[security]
INSTALL_LOCK = true
SECRET_KEY = [REDACTED]
REVERSE_PROXY_LIMIT = 1
REVERSE_PROXY_TRUSTED_PROXIES = *
INTERNAL_TOKEN = [REDACTED]
PASSWORD_HASH_ALGO = pbkdf2

[service]
DISABLE_REGISTRATION = false
REQUIRE_SIGNIN_VIEW = false
REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = false
ALLOW_ONLY_EXTERNAL_REGISTRATION = false
ENABLE_CAPTCHA = false
DEFAULT_KEEP_EMAIL_PRIVATE = false
DEFAULT_ALLOW_CREATE_ORGANIZATION = true
DEFAULT_ENABLE_TIMETRACKING = true
NO_REPLY_ADDRESS = noreply.localhost

[mailer]
ENABLED = false

[openid]
ENABLE_OPENID_SIGNIN = false
ENABLE_OPENID_SIGNUP = false

[lfs]
PATH = /data/git/lfs

[oauth2]
JWT_SECRET = [REDACTED]

Gitea Version

1.24.4

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

2.49.1

Operating System

arch linux (but in docker)

How are you running Gitea?

Docker, arch linux, behind TSDProxy

Database

PostgreSQL

Metadata

Metadata

Assignees

No one assigned

    Labels

    issue/needs-feedbackFor bugs, we need more details. For features, the feature must be described in more detailtype/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions