tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Refactor CSRF protector (#32057)

Browse Source 
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
This commit is contained in:
wxiaoguang
2024-09-18 15:17:25 +08:00
committed by GitHub
parent 55f1fcf0ad
commit 1fede04b83
7 changed files with 71 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
routers/web/web.go
View File

@@ -129,6 +129,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) {
// ensure the session uid is deleted
_ = ctx.Session.Delete("uid")
}
ctx.Csrf.PrepareForSessionUser(ctx)
}
}