mirror of https://github.com/go-gitea/gitea.git synced 2026-03-07 09:51:41 +01:00
gitea/templates/user/auth
silverwind 42d294941c
Replace CSRF cookie with CrossOriginProtection (#36183)
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validate the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2025-12-25 12:33:34 +02:00
..
activate_prompt.tmpl Refactor "user/active" related logic (#29390) 2024-02-25 21:55:00 +00:00
activate.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
captcha.tmpl Defer captcha script loading (#33919) 2025-03-17 15:21:04 +00:00
change_passwd_inner.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
change_passwd.tmpl Add main landmark to templates and adjust titles (#22670) 2023-02-01 22:56:10 +00:00
forgot_passwd.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
grant_error.tmpl Fix oauth2 auth and UI (#33961) 2025-03-21 20:50:39 +08:00
grant.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
link_account.tmpl Fix Account linking page (#33325) 2025-01-19 20:37:22 +08:00
oauth_container.tmpl Allow to disable the password-based login (sign-in) form (#32687) 2024-12-02 02:03:15 +08:00
oidc_wellknown.tmpl Improve OAuth2 provider (correct Issuer, respect ENABLED) (#34966) 2025-07-06 13:36:45 +08:00
prohibit_login.tmpl Move all login and account creation page labels to be above inputs (#29432) 2024-03-06 14:20:26 +00:00
reset_passwd.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signin_inner.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signin_openid.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signin.tmpl Fix Account linking page (#33325) 2025-01-19 20:37:22 +08:00
signup_inner.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signup_openid_connect.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signup_openid_navbar.tmpl Introduce .secondary-nav and handle .page-content spacing universally (#29982) 2024-03-22 23:54:09 +00:00
signup_openid_register.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
signup.tmpl Refactor login page (#31530) 2024-07-05 20:10:09 +03:00
twofa_scratch.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
twofa.tmpl Replace CSRF cookie with CrossOriginProtection (#36183) 2025-12-25 12:33:34 +02:00
webauthn_error.tmpl Migrate gt-hidden to tw-hidden (#30046) 2024-03-24 18:23:38 +00:00
webauthn.tmpl Replace text-align classes with tailwind (#33905) 2025-03-16 12:08:16 +00:00