mirror of
https://github.com/go-gitea/gitea
synced 2024-12-25 01:54:26 +00:00
Previously, this required authentication, but there's not actually any privileged information on this page. Move the endpoint out of the group that requires sign-in. It still requires the ability to read issues and pull requests, so private repositories (for instance) will not be exposed. Fixes #10312 Fixes #11233 Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
This commit is contained in:
parent
bfc25fcf40
commit
5131206aad
@ -668,6 +668,14 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||||||
|
|
||||||
m.Post("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), context.UnitTypes(), repo.Action)
|
m.Post("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), context.UnitTypes(), repo.Action)
|
||||||
|
|
||||||
|
// Grouping for those endpoints not requiring authentication
|
||||||
|
m.Group("/:username/:reponame", func() {
|
||||||
|
m.Group("/milestone", func() {
|
||||||
|
m.Get("/:id", repo.MilestoneIssuesAndPulls)
|
||||||
|
}, reqRepoIssuesOrPullsReader, context.RepoRef())
|
||||||
|
}, context.RepoAssignment(), context.UnitTypes())
|
||||||
|
|
||||||
|
// Grouping for those endpoints that do require authentication
|
||||||
m.Group("/:username/:reponame", func() {
|
m.Group("/:username/:reponame", func() {
|
||||||
m.Group("/issues", func() {
|
m.Group("/issues", func() {
|
||||||
m.Combo("/new").Get(context.RepoRef(), repo.NewIssue).
|
m.Combo("/new").Get(context.RepoRef(), repo.NewIssue).
|
||||||
@ -723,9 +731,6 @@ func RegisterRoutes(m *macaron.Macaron) {
|
|||||||
m.Post("/:id/:action", repo.ChangeMilestonStatus)
|
m.Post("/:id/:action", repo.ChangeMilestonStatus)
|
||||||
m.Post("/delete", repo.DeleteMilestone)
|
m.Post("/delete", repo.DeleteMilestone)
|
||||||
}, context.RepoMustNotBeArchived(), reqRepoIssuesOrPullsWriter, context.RepoRef())
|
}, context.RepoMustNotBeArchived(), reqRepoIssuesOrPullsWriter, context.RepoRef())
|
||||||
m.Group("/milestone", func() {
|
|
||||||
m.Get("/:id", repo.MilestoneIssuesAndPulls)
|
|
||||||
}, reqRepoIssuesOrPullsReader, context.RepoRef())
|
|
||||||
m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
|
m.Combo("/compare/*", repo.MustBeNotEmpty, reqRepoCodeReader, repo.SetEditorconfigIfExists).
|
||||||
Get(repo.SetDiffViewStyle, repo.CompareDiff).
|
Get(repo.SetDiffViewStyle, repo.CompareDiff).
|
||||||
Post(context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
|
Post(context.RepoMustNotBeArchived(), reqRepoPullsReader, repo.MustAllowPulls, bindIgnErr(auth.CreateIssueForm{}), repo.CompareAndPullRequestPost)
|
||||||
|
Loading…
Reference in New Issue
Block a user