42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
29 lines
1.3 KiB
Handlebars
29 lines
1.3 KiB
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content repository file editor edit">
|
|
{{template "repo/header" .}}
|
|
<div class="ui container">
|
|
{{template "base/alert" .}}
|
|
<form class="ui edit form form-fetch-action" method="post" action="{{.CommitFormOptions.TargetFormAction}}">
|
|
{{template "repo/editor/common_top" .}}
|
|
<input type="hidden" name="revert" value="{{if eq .CherryPickType "revert"}}true{{else}}false{{end}}">
|
|
<div class="repo-editor-header">
|
|
<div class="breadcrumb">
|
|
{{$shaurl := printf "%s/commit/%s" $.RepoLink (PathEscape .FromCommitID)}}
|
|
{{$shalink := HTMLFormat `<a class="ui primary sha label" href="%s">%s</a>` $shaurl (ShortSha .FromCommitID)}}
|
|
{{if eq .CherryPickType "revert"}}
|
|
{{ctx.Locale.Tr "repo.editor.revert" $shalink}}
|
|
{{else}}
|
|
{{ctx.Locale.Tr "repo.editor.cherry_pick" $shalink}}
|
|
{{end}}
|
|
<a class="section" href="{{$.RepoLink}}">{{.Repository.FullName}}</a>
|
|
<div class="breadcrumb-divider">:</div>
|
|
<a class="section" href="{{$.BranchLink}}">{{.BranchName}}</a>
|
|
<span>{{ctx.Locale.Tr "repo.editor.or"}} <a href="{{$shaurl}}">{{ctx.Locale.Tr "repo.editor.cancel_lower"}}</a></span>
|
|
</div>
|
|
</div>
|
|
{{template "repo/editor/commit_form" .}}
|
|
</form>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|