1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-15 22:54:24 +00:00
gitea/modules
zeripath 2e317d3f6e
Prevent security failure due to bad APP_ID (#18678) (#18682)
Backport #18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-10 16:17:44 +01:00
..
activitypub Create pub/priv keypair for federation (#17071) 2021-09-28 15:19:22 -04:00
analyze Use git attributes to determine generated and vendored status for language stats and diffs (#16773) 2021-09-09 21:13:36 +01:00
appstate Decouple unit test code from business code (#17623) 2021-11-12 22:36:47 +08:00
auth Support webauthn (#17957) 2022-01-14 16:03:31 +01:00
avatar Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
base Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
cache Test cache during init (#17852) 2021-12-06 00:24:57 +08:00
charset Add warning for BIDI characters in page renders and in diffs (#17562) 2022-01-07 02:18:52 +01:00
context If rendering has failed due to a net.OpError stop rendering (#18642) (#18645) 2022-02-07 09:25:05 +08:00
convert Add MirrorUpdated field to Repository API type (#18267) 2022-01-18 13:18:30 +00:00
csv Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
doctor Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
emoji Run processors on whole of text (#16155) 2021-06-17 11:35:05 +01:00
eventsource Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
generate Support webauthn (#17957) 2022-01-14 16:03:31 +01:00
git Stop logging an error when notes are not found (#18626) (#18635) 2022-02-06 09:43:15 +00:00
gitgraph Collaborator trust model should trust collaborators (#18539) (#18557) 2022-02-03 11:20:37 -05:00
graceful Make SSL cipher suite configurable (#17440) 2021-11-20 01:12:43 -05:00
hcaptcha hCaptcha Support (#12594) 2020-10-02 23:37:53 -04:00
highlight Add .gitattribute assisted language detection to blame, diff and render (#17590) 2021-11-17 20:37:00 +00:00
hostmatcher Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
httpcache Use a variable but a function for IsProd because of a slight performance increment (#17368) 2021-10-20 16:37:19 +02:00
httplib refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
indexer Upgrade bleve from v2.0.6 to v2.3.0 (#18132) 2022-01-01 16:26:27 +08:00
json Move repository model into models/repo (#17933) 2021-12-10 09:27:50 +08:00
lfs Fix source typos (#18227) 2022-01-10 23:46:26 +08:00
log Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
markup Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473) 2022-01-31 01:49:17 +02:00
metrics Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
migration Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
nosql Remove unnecessary variable assignments (#17695) 2021-11-18 09:33:06 +08:00
notification Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
options Remove golang vendored directory (#18277) 2022-01-14 18:16:05 -05:00
password Fixed assert statements. (#16089) 2021-06-07 07:27:09 +02:00
pprof refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
private Move keys to models/asymkey (#17917) 2021-12-10 16:14:24 +08:00
process Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
proxy Return nil proxy function if proxy not enabled (#16742) 2021-08-19 16:41:20 -04:00
public Fix mime-type detection for HTTP server (#18371) 2022-01-23 21:17:20 +08:00
queue Restart zero worker if there is still work to do (#18658) (#18672) 2022-02-08 23:28:21 +02:00
recaptcha refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
references Add API to get issue/pull comments and events (timeline) (#17403) 2022-01-01 22:12:25 +08:00
repository Add GetUserTeams (#18499) (#18531) 2022-02-02 08:40:04 +00:00
secret Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
session Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
setting Prevent security failure due to bad APP_ID (#18678) (#18682) 2022-02-10 16:17:44 +01:00
ssh Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
storage refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
structs Add MirrorUpdated field to Repository API type (#18267) 2022-01-18 13:18:30 +00:00
svg refactor: move from io/ioutil to io and os package (#17109) 2021-09-22 13:38:34 +08:00
sync Fix missing unlock in uniquequeue (#9790) 2020-01-15 23:58:33 +02:00
templates Remove golang vendored directory (#18277) 2022-01-14 18:16:05 -05:00
test Unify and simplify TrN for i18n (#18141) 2022-01-02 04:33:57 +01:00
timeutil Don't store assets modified time into generated files (#18193) 2022-01-06 21:33:17 -05:00
translation Sort locales according to their names (#18211) 2022-01-08 12:18:39 +00:00
typesniffer Read expected buffer size (#17409) 2021-10-24 22:12:43 +01:00
updatechecker Fix various typos (#18219) 2022-01-10 17:32:37 +08:00
upload Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
uri Prevent NPE if gitea uploader fails to open url (#18080) 2021-12-23 16:27:33 +00:00
user Add gitea-vet (#10948) 2020-04-05 07:20:50 +01:00
util Increase Salt randomness (#18179) 2022-01-04 15:13:52 +00:00
validation Upgrade chi to v5 (#17298) 2021-10-13 22:50:23 -04:00
web Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00