42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
18 lines
658 B
Handlebars
18 lines
658 B
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content repository">
|
|
{{template "repo/header" .}}
|
|
<div class="ui container">
|
|
{{template "base/alert" .}}
|
|
<form class="ui form form-fetch-action" method="post" action="{{.RepoLink}}/_fork/{{.BranchName | PathEscapeSegments}}">
|
|
<div class="tw-text-center">
|
|
<div class="tw-my-[40px]">
|
|
<h3>{{ctx.Locale.Tr "repo.editor.fork_create"}}</h3>
|
|
<p>{{ctx.Locale.Tr "repo.editor.fork_create_description"}}</p>
|
|
</div>
|
|
<button class="ui primary button">{{ctx.Locale.Tr "repo.fork_repo"}}</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|