gitea

mirror of https://github.com/go-gitea/gitea.git synced 2026-04-30 08:00:19 +00:00

Files

silverwind 42d294941c Replace CSRF cookie with CrossOriginProtection (#36183 )

Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

2025-12-25 12:33:34 +02:00

actions.tmpl

…

applications_oauth2_edit.tmpl

…

applications.tmpl

…

blocked_users.tmpl

…

hook_new.tmpl

…

hooks.tmpl

…

labels.tmpl

…

layout_footer.tmpl

…

layout_head.tmpl

…

navbar.tmpl

…

options_dangerzone.tmpl

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

options.tmpl

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

packages_cleanup_rules_edit.tmpl

…

packages_cleanup_rules_preview.tmpl

…

packages.tmpl

…

runners_edit.tmpl

…