Use POST to change user selected language #5059

New Issue

Closed

opened 2025-11-02 06:12:42 -06:00 by GiteaMirror · 3 comments

GiteaMirror commented 2025-11-02 06:12:42 -06:00

Owner

Copy Link

Originally created by @techknowlogick on GitHub (Mar 14, 2020).

Looking at logs of various Gitea instances, many robots crawl the change language functionality resulting in many additional pages indexed.

Perhaps we could change the "switch user language" functionality to POST so that a GET isn't an action that changes something. Similar to how logout, star, and user follow actions work now. I'm thinking an endpoint /switch_user_language, and a return_to query param to bring the user back to the page that they were on.

Originally created by @techknowlogick on GitHub (Mar 14, 2020). Looking at logs of various Gitea instances, many robots crawl the change language functionality resulting in many additional pages indexed. Perhaps we could change the "switch user language" functionality to POST so that a GET isn't an action that changes something. Similar to how logout, star, and user follow actions work now. I'm thinking an endpoint `/switch_user_language`, and a `return_to` query param to bring the user back to the page that they were on.

GiteaMirror added the issue/confirmedtype/enhancement labels 2025-11-02 06:12:42 -06:00

GiteaMirror closed this issue 2025-11-02 06:12:42 -06:00

GiteaMirror commented 2025-11-02 06:12:43 -06:00

Author

Owner

Copy Link

@stale[bot] commented on GitHub (May 13, 2020):

This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

@stale[bot] commented on GitHub (May 13, 2020): This issue has been automatically marked as stale because it has not had recent activity. I am here to help clear issues left open even if solved or waiting for more insight. This issue will be closed if no further activity occurs during the next 2 weeks. If the issue is still valid just add a comment to keep it alive. Thank you for your contributions.

GiteaMirror commented 2025-11-02 06:12:43 -06:00

Author

Owner

Copy Link

@techknowlogick commented on GitHub (May 25, 2020):

So some investigation into this:

The i18n library we use already supports accepting language change requests via POST already

> http --form POST https://codeberg.org/explore/repos lang='es-ES'                                                                                                                             
HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: lang=es-ES; Path=/; Max-Age=2147483647; Secure;SameSite
....

Now, of course we can't have a POST to every route changing languages as not all routes support GETs (as we can see from my example that the explore page 404s), this means that no logic for handling changing language needs to be added, however an approach like I suggested above (using a special route) may be the best path. The special route, instead of handling language changes, would just redirect the user back to the page they were on. Redirects are always a tricky thing when it comes to security, but likely any concerns can be alleviated using CSRF params in the form.

@techknowlogick commented on GitHub (May 25, 2020): So some investigation into this: The i18n library we use already supports accepting language change requests via POST already ``` > http --form POST https://codeberg.org/explore/repos lang='es-ES' HTTP/1.1 404 Not Found Connection: close Content-Type: text/html; charset=UTF-8 Set-Cookie: lang=es-ES; Path=/; Max-Age=2147483647; Secure;SameSite .... ```` Now, of course we can't have a POST to every route changing languages as not all routes support GETs (as we can see from my example that the explore page 404s), this means that no logic for handling changing language needs to be added, however an approach like I suggested above (using a special route) may be the best path. The special route, instead of handling language changes, would just redirect the user back to the page they were on. Redirects are always a tricky thing when it comes to security, but likely any concerns can be alleviated using CSRF params in the form.

GiteaMirror commented 2025-11-02 06:12:43 -06:00

Author

Owner

Copy Link

@silverwind commented on GitHub (Aug 1, 2020):

Can we just use an Ajax call to change the language and then perform a page reload?

There's also a unnecessary ?lang=de-DE added to the URL after changing language which should no longer be an issue after Ajax.

@silverwind commented on GitHub (Aug 1, 2020): Can we just use an Ajax call to change the language and then perform a page reload? There's also a unnecessary `?lang=de-DE` added to the URL after changing language which should no longer be an issue after Ajax.

GiteaMirror referenced this issue 2025-11-02 14:30:46 -06:00

[PR #5059] [MERGED] Update vendor/golang.org/x/sys #17618

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

release/v1.25

release/v1.24

release/v1.23

release/v1.22

release/v1.21

release/v1.20

release/v1.19

release/v1.18

release/v1.17

release/v1.16

release/v1.15

release/v1.14

release/v1.13

release/v1.12

release/v1.11

release/v1.10

release/v1.9

release/v1.8

v1.25.3

v1.25.2

v1.25.1

v1.25.0

v1.24.7

v1.25.0-rc0

v1.26.0-dev

v1.24.6

v1.24.5

v1.24.4

v1.24.3

v1.24.2

v1.24.1

v1.24.0

v1.23.8

v1.24.0-rc0

v1.25.0-dev

v1.23.7

v1.23.6

v1.23.5

v1.23.4

v1.23.3

v1.23.2

v1.23.1

v1.23.0

v1.23.0-rc0

v1.24.0-dev

v1.22.6

v1.22.5

v1.22.4

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.23.0-dev

v1.22.0-rc1

v1.21.11

v1.22.0-rc0

v1.21.10

v1.21.9

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.20.6

v1.21.1

v1.21.0

v1.21.0-rc2

v1.21.0-rc1

v1.20.5

v1.22.0-dev

v1.21.0-rc0

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.4

v1.21.0-dev

v1.20.0-rc2

v1.20.0-rc1

v1.20.0-rc0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.19.0-rc1

v1.20.0-dev

v1.19.0-rc0

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.4

v1.18.0-rc1

v1.19.0-dev

v1.18.0-rc0

v1.17.3

v1.17.2

v1.17.1

v1.17.0

v1.17.0-rc2

v1.16.9

v1.17.0-rc1

v1.18.0-dev

v1.16.8

v1.16.7

v1.16.6

v1.16.5

v1.16.4

v1.16.3

v1.16.2

v1.16.1

v1.16.0

v1.15.11

v1.17.0-dev

v1.16.0-rc1

v1.15.10

v1.15.9

v1.15.8

v1.15.7

v1.15.6

v1.15.5

v1.15.4

v1.15.3

v1.15.2

v1.15.1

v1.14.7

v1.15.0

v1.15.0-rc3

v1.14.6

v1.15.0-rc2

v1.14.5

v1.16.0-dev

v1.15.0-rc1

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.7

v1.14.0-rc2

v1.13.6

v1.13.5

v1.14.0-rc1

v1.15.0-dev

v1.13.4

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.6

v1.13.0-rc2

v1.14.0-dev

v1.13.0-rc1

v1.12.5

v1.12.4

v1.12.3

v1.12.2

v1.12.1

v1.11.8

v1.12.0

v1.11.7

v1.12.0-rc2

v1.11.6

v1.12.0-rc1

v1.13.0-dev

v1.11.5

v1.11.4

v1.11.3

v1.10.6

v1.12.0-dev

v1.11.2

v1.10.5

v1.11.1

v1.10.4

v1.11.0

v1.11.0-rc2

v1.10.3

v1.11.0-rc1

v1.10.2

v1.10.1

v1.10.0

v1.9.6

v1.9.5

v1.10.0-rc2

v1.11.0-dev

v1.10.0-rc1

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.9.0-rc2

v1.10.0-dev

v1.9.0-rc1

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.8.0-rc3

v1.7.6

v1.8.0-rc2

v1.7.5

v1.8.0-rc1

v1.9.0-dev

v1.7.4

v1.7.3

v1.7.2

v1.7.1

v1.7.0

v1.7.0-rc3

v1.6.4

v1.7.0-rc2

v1.6.3

v1.7.0-rc1

v1.7.0-dev

v1.6.2

v1.6.1

v1.6.0

v1.6.0-rc2

v1.5.3

v1.6.0-rc1

v1.6.0-dev

v1.5.2

v1.5.1

v1.5.0

v1.5.0-rc2

v1.5.0-rc1

v1.5.0-dev

v1.4.3

v1.4.2

v1.4.1

v1.4.0

v1.4.0-rc3

v1.4.0-rc2

v1.3.3

v1.4.0-rc1

v1.3.2

v1.3.1

v1.3.0

v1.3.0-rc2

v1.3.0-rc1

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.2.0-rc3

v1.2.0-rc2

v1.1.4

v1.2.0-rc1

v1.1.3

v1.1.2

v1.1.1

v1.1.0

v1.0.2

v1.0.1

v1.0.0

v0.9.99

Labels

Clear labels

$20

$250

$50

$500

backport/done

💎 Bounty

docs-update-needed

good first issue

hacktoberfest

issue/bounty

issue/confirmed

issue/critical

issue/duplicate

issue/needs-feedback

issue/not-a-bug

issue/regression

issue/stale

issue/workaround

lgtm/need 2

modifies/api

modifies/translation

outdated/backport/v1.18

outdated/theme/markdown

outdated/theme/timetracker

performance/bigrepo

performance/cpu

performance/memory

performance/speed

pr/breaking

proposal/accepted

proposal/rejected

pr/wip

pull-request

Mirrored from GitHub Pull Request

reviewed/wontfix

💰 Rewarded

skip-changelog

status/blocked

topic/accessibility

topic/api

topic/authentication

topic/build

topic/code-linting

topic/commit-signing

topic/content-rendering

topic/deployment

topic/distribution

topic/federation

topic/gitea-actions

topic/issues

topic/lfs

topic/mobile

topic/moderation

topic/packages

topic/pr

topic/projects

topic/repo

topic/repo-migration

topic/security

topic/theme

topic/ui

topic/ui-interaction

topic/ux

topic/webhooks

topic/wiki

type/bug

type/deprecation

type/docs

type/enhancement

type/feature

type/miscellaneous

type/proposal

type/question

type/refactoring

type/summary

type/testing

type/upstream

No Label issue/confirmed type/enhancement

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/gitea#5059