mirrors/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2025-12-26 08:08:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
42d294941c0483090b1584a89cb32fc79c70e8eb
gitea/modules/setting
History
silverwind 42d294941c Replace CSRF cookie with CrossOriginProtection (#36183) 
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
..
config
Use configurable remote name for git commands (#35172)
2025-08-21 10:14:35 -07:00
actions_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
actions.go
modules/setting/actions.go: fixed typo: ì->i (#35253)
2025-08-11 22:57:44 -04:00
admin.go
Enhance USER_DISABLED_FEATURES to allow disabling change username or full name (#31959)
2024-10-05 20:41:38 +00:00
api.go
Add API endpoint to request contents of multiple files simultaniously (#34139)
2025-04-22 01:20:11 +08:00
asset_dynamic.go
Use a general approach to access custom/static/builtin assets (#24022)
2023-04-12 18:16:45 +08:00
asset_static.go
Use a general approach to access custom/static/builtin assets (#24022)
2023-04-12 18:16:45 +08:00
attachment_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
attachment.go
fix attachment file size limit in server backend (#35519)
2025-10-21 15:07:11 +00:00
cache.go
Always enable caches (#28527)
2023-12-19 09:29:05 +00:00
camo.go
Use camo.Always instead of camo.Allways (#32097)
2024-09-21 12:50:54 +03:00
config_env_test.go
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
config_env.go
update golangci-lint to v2.7.0 (#36079)
2025-12-04 09:06:44 +00:00
config_provider_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
config_provider.go
Changed a small typo in an error message and code comments. (#36117)
2025-12-09 10:14:05 -05:00
config.go
Bump golangci-lint to 2.7.2, enable modernize stringsbuilder (#36180)
2025-12-17 20:50:53 +00:00
cors.go
Fix settings not being loaded at CLI (#26402)
2024-12-30 05:54:20 +00:00
cron_test.go
Fix a bug where lfs gc never worked. (#35198)
2025-08-12 05:38:17 +00:00
cron.go
Replace interface{} with any (#25686)
2023-07-04 18:36:08 +00:00
database_sqlite.go
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
database_test.go
Fix incorrect PostgreSQL connection string for Unix sockets (#28865)
2024-01-20 16:04:47 +00:00
database.go
Add slow SQL query warning (#27545)
2024-02-23 00:57:24 +00:00
federation.go
Remove SHA1 for support for ssh rsa signing (#31857)
2024-09-07 18:05:18 -04:00
git_test.go
Refactor some tests (#34580)
2025-06-03 01:26:19 +00:00
git.go
Add git.DIFF_RENAME_SIMILARITY_THRESHOLD option (#36164)
2025-12-17 10:02:32 +00:00
gloabl_lock.go
Use global lock instead of NewExclusivePool to allow distributed lock between multiple Gitea instances (#31813)
2024-09-06 10:12:41 +00:00
glob.go
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
global_lock_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
global.go
Fix duplicate sub-path for avatars (#31365)
2024-06-15 11:43:57 +08:00
highlight.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
i18n.go
Update i18n.go - Language Picker (#32933)
2024-12-21 04:56:08 +00:00
incoming_email.go
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
indexer_test.go
Update dependencies (#35733)
2025-10-23 08:35:48 +00:00
indexer.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
lfs_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
lfs.go
Use 8 as default value for git lfs concurrency (#32421)
2024-11-05 13:10:57 +00:00
log_test.go
Replace interface{} with any (#25686)
2023-07-04 18:36:08 +00:00
log.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
mailer_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
mailer.go
Email option to embed images as base64 instead of link (#32061)
2025-03-05 16:29:29 +00:00
markup_test.go
Fix markdown render behaviors (#34122)
2025-04-05 11:56:48 +08:00
markup.go
Replace CSRF cookie with CrossOriginProtection (#36183)
2025-12-25 12:33:34 +02:00
metrics.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
migrations.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
mime_type_map.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
mirror.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
oauth2_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
oauth2.go
Replace CSRF cookie with CrossOriginProtection (#36183)
2025-12-25 12:33:34 +02:00
other.go
Add [other].SHOW_FOOTER_POWERED_BY setting to hide Powered by (#30253)
2024-04-03 16:01:50 +00:00
packages_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
packages.go
Fix package upload temp path (#34196)
2025-04-14 18:55:02 +08:00
path_test.go
Refactor path & config system (#25330)
2023-06-21 13:50:26 +08:00
path.go
Uniform all temporary directories and allow customizing temp path (#32352)
2025-04-08 16:15:28 +00:00
picture.go
Fix all possible setting error related storages and added some tests (#23911)
2023-06-14 11:42:38 +08:00
project.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
proxy.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00
queue.go
Increase queue length (#27555)
2023-10-10 18:47:49 +08:00
repository_archive_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
repository_archive.go
Fix all possible setting error related storages and added some tests (#23911)
2023-06-14 11:42:38 +08:00
repository.go
Stream repo zip/tar.gz/bundle achives by default (#35487)
2025-09-19 11:51:21 +08:00
security.go
Replace CSRF cookie with CrossOriginProtection (#36183)
2025-12-25 12:33:34 +02:00
server.go
Make Golang correctly delete temp files during uploading (#36128)
2025-12-11 19:59:42 +01:00
service_test.go
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
service.go
Replace gobwas/glob package (#35478)
2025-09-13 18:01:00 +00:00
session.go
Support selecting theme on the footer (#35741)
2025-10-28 18:25:00 +08:00
setting_test.go
Implement FSFE REUSE for golang files (#21840)
2022-11-27 18:20:29 +00:00
setting.go
Fix bug when viewing the commit diff page with non-ANSI files (#36149)
2025-12-13 21:54:03 +08:00
ssh.go
Update x/crypto package and make builtin SSH use default parameters (#34667)
2025-06-09 19:51:02 +00:00
storage_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
storage.go
enforce explanation for necessary nolints and fix bugs (#34883)
2025-06-27 21:48:03 +08:00
task.go
handle deprecated settings (#22992)
2023-02-20 16:18:26 -06:00
time.go
Fix settings not being loaded at CLI (#26402)
2024-12-30 05:54:20 +00:00
ui.go
Avoid emoji mismatch and allow to only enable chosen emojis (#35692)
2025-10-19 13:06:45 -07:00
webhook.go
Refactor the setting to make unit test easier (#22405)
2023-02-20 00:12:01 +08:00