mirror of
https://github.com/go-gitea/gitea.git
synced 2026-01-06 20:30:20 +01:00
42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
25 lines
821 B
Handlebars
25 lines
821 B
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content user signin">
|
|
<div class="ui middle very relaxed page grid">
|
|
<div class="column">
|
|
<form class="ui form tw-max-w-2xl tw-m-auto" action="{{.Link}}" method="post">
|
|
<h3 class="ui top attached header">
|
|
{{ctx.Locale.Tr "twofa_scratch"}}
|
|
</h3>
|
|
<div class="ui attached segment">
|
|
{{template "base/alert" .}}
|
|
<div class="required field">
|
|
<label for="token">{{ctx.Locale.Tr "auth.scratch_code"}}</label>
|
|
<input id="token" name="token" type="text" autocomplete="off" autofocus required>
|
|
</div>
|
|
|
|
<div class="inline field">
|
|
<button class="ui primary button">{{ctx.Locale.Tr "auth.verify"}}</button>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|