gitcaddy/gitea
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity
42d294941c
gitea/templates/repo/issue/sidebar/issue_management.tmpl
silverwind 42d294941c
Replace CSRF cookie with CrossOriginProtection (#36183) 
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00

108 lines
3.4 KiB
Handlebars
Raw Blame History

{{if and .IsRepoAdmin (not .Repository.IsArchived)}}
<div class="divider"></div>
{{/* Pin issue */}}
{{if or .PinEnabled .Issue.IsPinned}}
<form class="tw-mt-1 form-fetch-action single-button-form" method="post" {{if $.NewPinAllowed}}action="{{.Issue.Link}}/pin"{{else}}data-tooltip-content="{{ctx.Locale.Tr "repo.issues.max_pinned"}}"{{end}}>
<button class="fluid ui button {{if not $.NewPinAllowed}}disabled{{end}}">
{{if not .Issue.IsPinned}}
{{svg "octicon-pin"}}
{{ctx.Locale.Tr "pin"}}
{{else}}
{{svg "octicon-pin-slash"}}
{{ctx.Locale.Tr "unpin"}}
{{end}}
</button>
</form>
{{end}}
{{/* Lock/unlock conversation */}}
<button class="tw-mt-1 fluid ui show-modal button{{if .Issue.IsLocked}} red{{end}}" data-modal="#lock-conversation">
{{if .Issue.IsLocked}}
{{svg "octicon-key"}} {{ctx.Locale.Tr "repo.issues.unlock"}}
{{else}}
{{svg "octicon-lock"}} {{ctx.Locale.Tr "repo.issues.lock"}}
{{end}}
</button>
<div class="ui tiny modal" id="lock-conversation">
<div class="header">
{{if .Issue.IsLocked}}
{{ctx.Locale.Tr "repo.issues.unlock.title"}}
{{else}}
{{ctx.Locale.Tr "repo.issues.lock.title"}}
{{end}}
</div>
<div class="content">
<div class="ui warning message">
{{if .Issue.IsLocked}}
{{ctx.Locale.Tr "repo.issues.unlock.notice_1"}}<br>
{{ctx.Locale.Tr "repo.issues.unlock.notice_2"}}<br>
{{else}}
{{ctx.Locale.Tr "repo.issues.lock.notice_1"}}<br>
{{ctx.Locale.Tr "repo.issues.lock.notice_2"}}<br>
{{ctx.Locale.Tr "repo.issues.lock.notice_3"}}<br>
{{end}}
</div>
<form class="ui form form-fetch-action" method="post" action="{{.Issue.Link}}{{if .Issue.IsLocked}}/unlock{{else}}/lock{{end}}">
{{if not .Issue.IsLocked}}
<div class="field">
<strong>{{ctx.Locale.Tr "repo.issues.lock.reason"}}</strong>
</div>
<div class="field">
<div class="ui fluid dropdown selection">
<input type="hidden" name="reason">
<div class="text"></div> {{svg "octicon-triangle-down" 14 "dropdown icon"}}
<div class="menu">
<div class="item" data-value=""></div>
{{range .LockReasons}}
<div class="item" data-value="{{.}}">{{.}}</div>
{{end}}
</div>
</div>
</div>
{{end}}
<div class="actions">
<button class="ui cancel button">{{ctx.Locale.Tr "settings.cancel"}}</button>
{{/* explicitly focus the submit button, to avoid Fomantic modal focuses and popups the dropdown */}}
<button class="ui red button" autofocus>
{{if .Issue.IsLocked}}
{{ctx.Locale.Tr "repo.issues.unlock_confirm"}}
{{else}}
{{ctx.Locale.Tr "repo.issues.lock_confirm"}}
{{end}}
</button>
</div>
</form>
</div>
</div>
<button class="tw-mt-1 fluid ui show-modal button" data-modal="#sidebar-delete-issue">
{{svg "octicon-trash"}}
{{ctx.Locale.Tr "repo.issues.delete"}}
</button>
<div class="ui g-modal-confirm modal" id="sidebar-delete-issue">
<div class="header">
{{if .Issue.IsPull}}
{{ctx.Locale.Tr "repo.pulls.delete.title"}}
{{else}}
{{ctx.Locale.Tr "repo.issues.delete.title"}}
{{end}}
</div>
<div class="content">
<p>
{{if .Issue.IsPull}}
{{ctx.Locale.Tr "repo.pulls.delete.text"}}
{{else}}
{{ctx.Locale.Tr "repo.issues.delete.text"}}
{{end}}
</p>
</div>
<form action="{{.Issue.Link}}/delete" method="post">
{{template "base/modal_actions_confirm" .}}
</form>
</div>
{{end}}
Reference in New Issue View Git Blame Copy Permalink