6 commits

Author	SHA1	Message	Date
Gusted	a4642af51a	feat: replace cross origin protection (#9830) ... Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator. Resolves forgejo/forgejo#3538 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-29 22:43:22 +01:00
Gusted	2457f5ff22	chore: branding import path (#7337) ... - Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`. - Resolves forgejo/discussions#258 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7337 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-03-27 19:40:14 +00:00
Lunny Xiao	894d9b2836	Move context from modules to services (#29440) ... Since `modules/context` has to depend on `models` and many other packages, it should be moved from `modules/context` to `services/context` according to design principles. There is no logic code change on this PR, only move packages. - Move `code.gitea.io/gitea/modules/context` to `code.gitea.io/gitea/services/context` - Move `code.gitea.io/gitea/modules/contexttest` to `code.gitea.io/gitea/services/contexttest` because of depending on context - Move `code.gitea.io/gitea/modules/upload` to `code.gitea.io/gitea/services/context/upload` because of depending on context (cherry picked from commit 29f149bd9f517225a3c9f1ca3fb0a7b5325af696) Conflicts: routers/api/packages/alpine/alpine.go routers/api/v1/repo/issue_reaction.go routers/install/install.go routers/web/admin/config.go routers/web/passkey.go routers/web/repo/search.go routers/web/repo/setting/default_branch.go routers/web/user/home.go routers/web/user/profile.go tests/integration/editor_test.go tests/integration/integration_test.go tests/integration/mirror_push_test.go trivial context conflicts also modified all other occurrences in Forgejo specific files	2024-03-06 12:10:43 +08:00
Adam Majer	d68a613ba8	Add support for sha256 repositories (#23894) ... Currently only SHA1 repositories are supported by Gitea. This adds support for alternate SHA256 with the additional aim of easier support for additional hash types in the future. Fixes: #13794 Limited by: https://github.com/go-git/go-git/issues/899 Depend on: #28138 <img width="776" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/5448c9a7-608e-4341-a149-5dd0069c9447"> --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>	2024-01-19 17:05:02 +01:00
wxiaoguang	b41925cee3	Refactor CORS handler (#28587) ... The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098	2023-12-25 20:13:18 +08:00
Lunny Xiao	0ba4ecc3bd	Fix http protocol auth (#27875)	2023-11-02 22:14:33 +08:00