Lavande/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-12-25 20:21:33 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
42d294941c0483090b1584a89cb32fc79c70e8eb
gitea/modules
History
silverwind 42d294941c Replace CSRF cookie with CrossOriginProtection (#36183) 
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
..
actions
Limit reading bytes instead of ReadAll (#35928)
2025-11-12 19:44:49 +08:00
activitypub
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
analyze
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
assetfs
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
auth
Fix oauth2 session gob register (#36017)
2025-11-26 23:25:34 +08:00
avatar
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
badge
Add flat-square action badge style (#34062)
2025-04-01 09:42:10 +00:00
base
Refactor ls-tree and git path related problems (#35858)
2025-11-05 17:48:38 +00:00
cache
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
cachegroup
Cache GPG keys, emails and users when list commits (#34086)
2025-04-09 16:34:38 +00:00
charset
Fix code highlighting on blame page (#36157)
2025-12-14 12:40:55 +02:00
commitstatus
enforce nolint scope (#34851)
2025-06-27 07:59:55 +02:00
container
Refactor sidebar assignee&milestone&project selectors (#32465)
2024-11-11 04:07:54 +08:00
csv
Disable Field count validation of CSV viewer (#35228)
2025-09-04 09:54:58 -07:00
dump
Use github.com/mholt/archives replace github.com/mholt/archiver (#35390)
2025-09-01 19:40:12 +00:00
emoji
Avoid emoji mismatch and allow to only enable chosen emojis (#35692)
2025-10-19 13:06:45 -07:00
eventsource
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
fileicon
fix some file icon ui (#36078)
2025-12-04 19:47:23 +01:00
generate
Refactor JWT secret generating & decoding code (#29172)
2024-02-16 15:18:30 +00:00
git
Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180)
2025-12-17 20:50:53 +00:00
gitrepo
Move blame to gitrepo (#36161)
2025-12-16 16:14:14 -08:00
glob
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
globallock
Upgrade golang to 1.25.1 and add descriptions for the swagger structs' fields (#35418)
2025-09-06 16:52:41 +00:00
graceful
Fix shutdown waitgroup panic (#35676)
2025-10-25 00:02:58 -07:00
gtprof
Add start time on perf trace because it seems some steps haven't been recorded. (#35282)
2025-08-18 15:17:19 +00:00
hcaptcha
Mock external service in hcaptcha TestCaptcha (#35604)
2025-10-10 06:21:45 +02:00
highlight
Fix code highlighting on blame page (#36157)
2025-12-14 12:40:55 +02:00
hostmatcher
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
htmlutil
Improve labels-list rendering (#34846)
2025-06-27 23:12:25 +08:00
httpcache
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
httplib
Fix bug when viewing the commit diff page with non-ANSI files (#36149)
2025-12-13 21:54:03 +08:00
indexer
Enable bodyclose linter (#36168)
2025-12-16 14:08:43 +01:00
issue/template
Limit reading bytes instead of ReadAll (#35928)
2025-11-12 19:44:49 +08:00
json
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
label
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs
Drop json-iterator dependency (#35544)
2025-09-28 22:30:28 +08:00
lfstransfer
Fix missing Close when error occurs and abused connection pool (#35658)
2025-10-15 09:47:12 +00:00
log
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
markup
Improve math rendering (#36124)
2025-12-10 15:49:24 +00:00
mcaptcha
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
metrics
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
migration
Use a migration test instead of a wrong test which populated the meta test repositories and fix a migration bug (#36160)
2025-12-17 12:00:07 -08:00
nosql
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
optional
use experimental go json v2 library (#35392)
2025-09-28 08:03:36 +00:00
options
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
packages
Fix various bugs (#36139)
2025-12-12 18:56:05 +00:00
paginator
Only use prev and next buttons for pagination on user dashboard (#33981)
2025-03-23 19:52:43 +00:00
pprof
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
private
Fix missing Close when error occurs and abused connection pool (#35658)
2025-10-15 09:47:12 +00:00
process
Use test context in tests and new loop system in benchmarks (#33648)
2025-02-20 09:57:40 +00:00
proxy
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
proxyprotocol
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
public
Upgrade gopls to v0.19.0, add make fix (#34772)
2025-06-18 19:30:40 +00:00
queue
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
recaptcha
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
references
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
regexplru
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
repository
Move commit related functions to gitrepo package (#35600)
2025-12-05 00:20:23 +00:00
reqctx
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
secret
Upgrade golangci-lint to v1.64.5 (#33654)
2025-02-21 00:05:40 +08:00
session
Add proper error message if session provider can not be created (#35520)
2025-09-28 12:24:19 +00:00
setting
Replace CSRF cookie with CrossOriginProtection (#36183)
2025-12-25 12:33:34 +02:00
sitemap
Fix sitemap (#22272)
2022-12-30 23:31:00 +08:00
ssh
Update x/crypto package and make builtin SSH use default parameters (#34667)
2025-06-09 19:51:02 +00:00
storage
Allow to display embed images/pdfs when SERVE_DIRECT was enabled on MinIO storage (#35882)
2025-11-09 21:31:25 -08:00
structs
Support updating branch via API (#35951)
2025-12-10 19:23:26 +00:00
svg
Support selecting theme on the footer (#35741)
2025-10-28 18:25:00 +08:00
system
Remove incorrect "db.DefaultContext" usages (#35366)
2025-08-28 03:52:43 +00:00
tailmsg
Support performance trace (#32973)
2025-01-21 18:57:07 +00:00
tempdir
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
templates
Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180)
2025-12-17 20:50:53 +00:00
test
Validate hex colors when creating/editing labels (#34623)
2025-06-07 11:25:08 +03:00
testlogger
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
timeutil
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00
translation
Convert locale files from ini to json format (#35489)
2025-12-19 09:50:48 -08:00
turnstile
Add new captcha: cloudflare turnstile (#22369)
2023-02-05 15:29:03 +08:00
typesniffer
Fix various typos in codebase (#35480)
2025-09-13 10:34:43 -04:00
updatechecker
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
uri
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
user
Refactor older tests to use testify (#33140)
2025-01-09 09:21:47 +08:00
util
Limit reading bytes instead of ReadAll (#35928)
2025-11-12 19:44:49 +08:00
validation
update golangci-lint to v2.7.0 (#36079)
2025-12-04 09:06:44 +00:00
web
Make Golang correctly delete temp files during uploading (#36128)
2025-12-11 19:59:42 +01:00
webhook
Add workflow_run api + webhook (#33964)
2025-06-20 20:14:00 +08:00
zstd
Refactor embedded assets and drop unnecessary dependencies (#34692)
2025-06-12 03:59:33 +00:00