gitea

History

silverwind 42d294941c Replace CSRF cookie with `CrossOriginProtection` (#36183 ) Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>		2025-12-25 12:33:34 +02:00
..
applications	Always use `ctx.Locale.Tr` inside templates (#27231 )	2023-09-25 08:56:50 +00:00
auth	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
config_settings	split admin config settings templates to make it maintain easier (#35294 )	2025-09-04 15:42:26 +00:00
emails	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
org	Add "No data available" display when list is empty (#33517 )	2025-02-09 00:13:41 +08:00
packages	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
repo	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
runners	Move secrets and runners settings to actions settings (#24200 )	2023-04-27 20:08:47 -04:00
user	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
actions.tmpl	Added instance-level variables (#28115 )	2023-12-25 07:28:59 +00:00
config.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
cron.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
dashboard.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
hook_new.tmpl	Always use `ctx.Locale.Tr` inside templates (#27231 )	2023-09-25 08:56:50 +00:00
hooks.tmpl	Refactor webhook and fix feishu/lark secret (#34961 )	2025-07-06 06:04:08 +00:00
layout_footer.tmpl	Change to vertical navbar layout for secondary navbar for repo/user/admin settings (#24246 )	2023-04-23 18:21:21 +08:00
layout_head.tmpl	Fix flash message for flex-container (#30657 )	2024-04-23 08:31:51 +00:00
navbar.tmpl	Support performance trace (#32973 )	2025-01-21 18:57:07 +00:00
notice.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
perftrace.tmpl	Support performance trace (#32973 )	2025-01-21 18:57:07 +00:00
queue_manage.tmpl	Replace CSRF cookie with `CrossOriginProtection` (#36183 )	2025-12-25 12:33:34 +02:00
queue.tmpl	Always use `ctx.Locale.Tr` inside templates (#27231 )	2023-09-25 08:56:50 +00:00
self_check.tmpl	Add cache test for admins (#31265 )	2024-06-17 21:22:39 +02:00
stacktrace-row.tmpl	Fix code tag style problem and LFS view bug (#35628 )	2025-10-12 02:38:42 +08:00
stacktrace.tmpl	Support performance trace (#32973 )	2025-01-21 18:57:07 +00:00
stats.tmpl	Always use `ctx.Locale.Tr` inside templates (#27231 )	2023-09-25 08:56:50 +00:00
system_status.tmpl	Auto-update the system status in admin dashboard (#29163 )	2024-02-16 02:52:25 +00:00
trace_tabs.tmpl	Support performance trace (#32973 )	2025-01-21 18:57:07 +00:00