Skip to content

Refactor CSRF protector #32057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 18, 2024
Merged

Refactor CSRF protector #32057

merged 3 commits into from
Sep 18, 2024

Conversation

wxiaoguang
Copy link
Contributor

@wxiaoguang wxiaoguang commented Sep 17, 2024
edited
Loading

Remove unused CSRF options, decouple "new csrf protector" and "prepare" logic, do not redirect to home page if CSRF validation falis (it shouldn't happen in daily usage, if it happens, redirecting to home doesn't help either but just makes the problem more complex for "fetch")

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Sep 17, 2024
@github-actions github-actions bot added modifies/go Pull requests that update Go code modifies/translation labels Sep 17, 2024
@wxiaoguang wxiaoguang force-pushed the refactor-csrf branch 2 times, most recently from 8574918 to fef4ddf Compare September 17, 2024 12:06
@lunny lunny added this to the 1.23.0 milestone Sep 17, 2024
@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Sep 17, 2024
@lunny lunny added the backport/v1.22 This PR should be backported to Gitea 1.22 label Sep 18, 2024
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Sep 18, 2024
@wxiaoguang wxiaoguang merged commit 1fede04 into go-gitea:main Sep 18, 2024
26 checks passed
@wxiaoguang wxiaoguang deleted the refactor-csrf branch September 18, 2024 07:17
@GiteaBot
Copy link
Collaborator

I was unable to create a backport for 1.22. @wxiaoguang, please send one manually. 🍵

go run ./contrib/backport 32057
...  // fix git conflicts if any
go run ./contrib/backport --continue

@GiteaBot GiteaBot added the backport/manual No power to the bots! Create your backport yourself! label Sep 18, 2024
wxiaoguang added a commit to wxiaoguang/gitea that referenced this pull request Sep 18, 2024
@wxiaoguang
Refactor CSRF protector (go-gitea#32057)
292f68e
@wxiaoguang wxiaoguang mentioned this pull request Sep 18, 2024
Merged
@wxiaoguang wxiaoguang added the backport/done All backports for this PR have been created label Sep 18, 2024
lunny pushed a commit that referenced this pull request Sep 18, 2024
@wxiaoguang
Refactor CSRF protector (#32057) (#32069)
2891edb 
#32057 improves the CSRF handling and is worth to backport
zjjhot added a commit to zjjhot/gitea that referenced this pull request Sep 19, 2024
@zjjhot
Merge remote-tracking branch 'giteaofficial/main'
3cd37d1 
* giteaofficial/main:
  [skip ci] Updated translations via Crowdin
  Fix: database not update release when using `git push --tags --force` (go-gitea#32040)
  Resolve duplicate local string key related to PR comments (go-gitea#32073)
  Refactor CSRF protector (go-gitea#32057)
@go-gitea go-gitea locked as resolved and limited conversation to collaborators Dec 18, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@wolfogre wolfogre wolfogre approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created backport/manual No power to the bots! Create your backport yourself! backport/v1.22 This PR should be backported to Gitea 1.22 lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. modifies/go Pull requests that update Go code modifies/translation
Projects
None yet
Milestone
1.23.0
Development

Successfully merging this pull request may close these issues.
4 participants
@wxiaoguang @GiteaBot @lunny @wolfogre