42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
23 lines
833 B
Handlebars
23 lines
833 B
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content organization invite">
|
|
<div class="ui container">
|
|
{{template "base/alert" .}}
|
|
<div class="ui centered card">
|
|
<div class="image">
|
|
{{ctx.AvatarUtils.Avatar .Organization 140}}
|
|
</div>
|
|
<div class="content">
|
|
<div class="header">{{ctx.Locale.Tr "org.teams.invite.title" .Team.Name .Organization.Name}}</div>
|
|
<div class="meta">{{ctx.Locale.Tr "org.teams.invite.by" .Inviter.Name}}</div>
|
|
<div class="description">{{ctx.Locale.Tr "org.teams.invite.description"}}</div>
|
|
</div>
|
|
<div class="extra content">
|
|
<form class="ui form" action="" method="post">
|
|
<button class="fluid ui primary button">{{ctx.Locale.Tr "org.teams.join"}}</button>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|