gitcaddy/gitea
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
20,146 Commits 19 Branches 251 Tags 326 MiB
42d294941c
Commit Graph

3 Commits

Author SHA1 Message Date
silverwind
42d294941c
Replace CSRF cookie with CrossOriginProtection (#36183) 
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2025-12-25 12:33:34 +02:00
yp05327
5023238088
Add descriptions for private repo public access settings and improve the UI (#34057) 
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2025-03-29 21:24:27 +08:00
wxiaoguang
cddd19efc8
Add anonymous access support for private/unlisted repositories (#34051) 
Follow #33127

Fix #8649, fix #639

This is a complete solution. A repo unit could be set to:

* Anonymous read (non-signed-in user)
* Everyone read (signed-in user)
* Everyone write (wiki-only)
 2025-03-29 13:26:41 +08:00