42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
20 lines
1.1 KiB
Handlebars
20 lines
1.1 KiB
Handlebars
{{if eq .HookType "discord"}}
|
|
<p>{{ctx.Locale.Tr "repo.settings.add_web_hook_desc" "https://discord.com" (ctx.Locale.Tr "repo.settings.web_hook_name_discord")}}</p>
|
|
<form class="ui form" action="{{.BaseLink}}/discord/{{or .Webhook.ID "new"}}" method="post">
|
|
<div class="required field {{if .Err_PayloadURL}}error{{end}}">
|
|
<label for="payload_url">{{ctx.Locale.Tr "repo.settings.payload_url"}}</label>
|
|
<input id="payload_url" name="payload_url" type="url" value="{{.Webhook.URL}}" autofocus required>
|
|
</div>
|
|
<div class="field">
|
|
<label for="username">{{ctx.Locale.Tr "repo.settings.discord_username"}}</label>
|
|
<input id="username" name="username" value="{{.DiscordHook.Username}}" placeholder="Gitea">
|
|
</div>
|
|
<div class="field">
|
|
<label for="icon_url">{{ctx.Locale.Tr "repo.settings.discord_icon_url"}}</label>
|
|
<input id="icon_url" name="icon_url" value="{{.DiscordHook.IconURL}}" placeholder="https://example.com/assets/img/logo.svg">
|
|
</div>
|
|
{{/* FIXME: support authorization header or not? */}}
|
|
{{template "repo/settings/webhook/settings" dict "BaseLink" .BaseLink "Webhook" .Webhook "UseAuthorizationHeader" "optional"}}
|
|
</form>
|
|
{{end}}
|