gitea/modules/setting
silverwind 42d294941c
Replace CSRF cookie with `CrossOriginProtection` (#36183)
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validate the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
..
config Use configurable remote name for git commands (#35172) 2025-08-21 10:14:35 -07:00
actions.go modules/setting/actions.go: fixed typo: ì->i (#35253) 2025-08-11 22:57:44 -04:00
actions_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
admin.go
api.go Add API endpoint to request contents of multiple files simultaneously (#34139) 2025-04-22 01:20:11 +08:00
asset_dynamic.go
asset_static.go
attachment.go fix attachment file size limit in server backend (#35519) 2025-10-21 15:07:11 +00:00
attachment_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
cache.go
camo.go
config.go Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180) 2025-12-17 20:50:53 +00:00
config_env.go update golangci-lint to v2.7.0 (#36079) 2025-12-04 09:06:44 +00:00
config_env_test.go enforce explanation for necessary nolints and fix bugs (#34883) 2025-06-27 21:48:03 +08:00
config_provider.go Changed a small typo in an error message and code comments. (#36117) 2025-12-09 10:14:05 -05:00
config_provider_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
cors.go
cron.go
cron_test.go Fix a bug where lfs gc never worked. (#35198) 2025-08-12 05:38:17 +00:00
database.go
database_sqlite.go
database_test.go
federation.go
git.go Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164) 2025-12-17 10:02:32 +00:00
git_test.go Refactor some tests (#34580) 2025-06-03 01:26:19 +00:00
gloabl_lock.go
glob.go Replace gobwas/glob package (#35478) 2025-09-13 18:01:00 +00:00
global.go
global_lock_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
highlight.go
i18n.go
incoming_email.go Enable additional linters (#34085) 2025-04-01 10:14:01 +00:00
indexer.go Run `gopls modernize` on codebase (#34751) 2025-06-18 01:48:09 +00:00
indexer_test.go Update dependencies (#35733) 2025-10-23 08:35:48 +00:00
lfs.go
lfs_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
log.go Run `gopls modernize` on codebase (#34751) 2025-06-18 01:48:09 +00:00
log_test.go
mailer.go Email option to embed images as base64 instead of link (#32061) 2025-03-05 16:29:29 +00:00
mailer_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
markup.go Replace CSRF cookie with `CrossOriginProtection` (#36183) 2025-12-25 12:33:34 +02:00
markup_test.go Fix markdown render behaviors (#34122) 2025-04-05 11:56:48 +08:00
metrics.go
migrations.go
mime_type_map.go
mirror.go Run `gopls modernize` on codebase (#34751) 2025-06-18 01:48:09 +00:00
oauth2.go Replace CSRF cookie with `CrossOriginProtection` (#36183) 2025-12-25 12:33:34 +02:00
oauth2_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
other.go
packages.go Fix package upload temp path (#34196) 2025-04-14 18:55:02 +08:00
packages_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
path.go Uniform all temporary directories and allow customizing temp path (#32352) 2025-04-08 16:15:28 +00:00
path_test.go
picture.go
project.go
proxy.go
queue.go
repository.go Stream repo zip/tar.gz/bundle archives by default (#35487) 2025-09-19 11:51:21 +08:00
repository_archive.go
repository_archive_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
security.go Replace CSRF cookie with `CrossOriginProtection` (#36183) 2025-12-25 12:33:34 +02:00
server.go Make Golang correctly delete temp files during uploading (#36128) 2025-12-11 19:59:42 +01:00
service.go Replace gobwas/glob package (#35478) 2025-09-13 18:01:00 +00:00
service_test.go Replace gobwas/glob package (#35478) 2025-09-13 18:01:00 +00:00
session.go Support selecting theme on the footer (#35741) 2025-10-28 18:25:00 +08:00
setting.go Fix bug when viewing the commit diff page with non-ANSI files (#36149) 2025-12-13 21:54:03 +08:00
setting_test.go
ssh.go Update x/crypto package and make builtin SSH use default parameters (#34667) 2025-06-09 19:51:02 +00:00
storage.go enforce explanation for necessary nolints and fix bugs (#34883) 2025-06-27 21:48:03 +08:00
storage_test.go Enable testifylint rules (#34075) 2025-03-31 01:53:48 -04:00
task.go
time.go
ui.go Avoid emoji mismatch and allow to only enable chosen emojis (#35692) 2025-10-19 13:06:45 -07:00
webhook.go