gitea

mirror of https://github.com/go-gitea/gitea.git synced 2026-05-23 07:15:48 -05:00

Files

silverwind 42d294941c Replace CSRF cookie with CrossOriginProtection (#36183 )

Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

2025-12-25 12:33:34 +02:00

alert_details.tmpl

…

alert.tmpl

…

disable_form_autofill.tmpl

…

footer_content.tmpl

…

footer.tmpl

…

head_navbar_icons.tmpl

…

head_navbar.tmpl

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

head_opengraph.tmpl

…

head_script.tmpl

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

head_style.tmpl

…

head.tmpl

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

markup_codepreview.tmpl

…

modal_actions_confirm.tmpl

…

paginate.tmpl

…