Lerking/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-01-05 11:51:15 +01:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
20,169 Commits 19 Branches 244 Tags
main
Commit Graph

2 Commits

Author SHA1 Message Date
silverwind
42d294941c Replace CSRF cookie with CrossOriginProtection (#36183)
Some checks failed
release-nightly / nightly-binary (push) Has been cancelled
Details
release-nightly / nightly-container (push) Has been cancelled
Details 
Removes the CSRF cookie in favor of
[`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection)
which relies purely on HTTP headers.

Fixes: https://github.com/go-gitea/gitea/issues/11188
Fixes: https://github.com/go-gitea/gitea/issues/30333
Helps: https://github.com/go-gitea/gitea/issues/35107

TODOs:

- [x] Fix tests
- [ ] Ideally add tests to validates the protection

---------

Signed-off-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2025-12-25 12:33:34 +02:00
Zettat123
cdc0733047 Use inputs context when parsing workflows (#35590)
Some checks failed
release-nightly / nightly-binary (push) Has been cancelled
Details
release-nightly / nightly-docker-rootful (push) Has been cancelled
Details
release-nightly / nightly-docker-rootless (push) Has been cancelled
Details 
Depends on [gitea/act#143](https://gitea.com/gitea/act/pulls/143)

The [`inputs`
context](https://docs.github.com/en/actions/reference/workflows-and-actions/contexts#inputs-context)
is used when parsing workflows so that `run-name` like `run-name: Deploy
to ${{ inputs.deploy_target }}` can be parsed correctly.
 2025-10-06 06:09:27 +02:00