gitea

History

silverwind 42d294941c Replace CSRF cookie with `CrossOriginProtection` (#36183 ) Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>		2025-12-25 12:33:34 +02:00
..
alert_details.tmpl	Fix code tag style problem and LFS view bug (#35628 )	2025-10-12 02:38:42 +08:00
alert.tmpl	Enforce two-factor auth (2FA: TOTP or WebAuthn) (#34187 )	2025-04-28 15:31:59 -07:00
disable_form_autofill.tmpl	Disable form autofill (#17291 )	2021-10-19 01:08:41 +03:00
footer_content.tmpl	Support selecting theme on the footer (#35741 )	2025-10-28 18:25:00 +08:00
footer.tmpl	Merge index.js (#34963 )	2025-07-06 04:55:16 +00:00
head_navbar_icons.tmpl	Refactor head navbar icons (#34922 )	2025-07-04 13:03:22 +02:00
head_navbar.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
head_opengraph.tmpl	Fix context usages (#35348 )	2025-08-27 11:00:01 +00:00
head_script.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
head_style.tmpl	Support selecting theme on the footer (#35741 )	2025-10-28 18:25:00 +08:00
head.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
markup_codepreview.tmpl	Improve and fix markup code preview rendering (#35777 )	2025-10-30 05:15:42 +00:00
modal_actions_confirm.tmpl	Refactor tmpl and blob_excerpt (#32967 )	2024-12-25 00:51:13 +08:00
paginate.tmpl	Only use prev and next buttons for pagination on user dashboard (#33981 )	2025-03-23 19:52:43 +00:00