forgejo

mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-04-22 02:56:56 -04:00

Author	SHA1	Message	Date
Gusted	a4642af51a	feat: replace cross origin protection (#9830 ) Some checks are pending / release (push) Waiting to run Details testing-integration / test-unit (push) Waiting to run Details testing-integration / test-sqlite (push) Waiting to run Details testing-integration / test-mariadb (v10.6) (push) Waiting to run Details testing-integration / test-mariadb (v11.8) (push) Waiting to run Details testing / backend-checks (push) Waiting to run Details testing / frontend-checks (push) Waiting to run Details testing / test-unit (push) Blocked by required conditions Details testing / test-e2e (push) Blocked by required conditions Details testing / test-remote-cacher (redis) (push) Blocked by required conditions Details testing / test-remote-cacher (valkey) (push) Blocked by required conditions Details testing / test-remote-cacher (garnet) (push) Blocked by required conditions Details testing / test-remote-cacher (redict) (push) Blocked by required conditions Details testing / test-mysql (push) Blocked by required conditions Details testing / test-pgsql (push) Blocked by required conditions Details testing / test-sqlite (push) Blocked by required conditions Details testing / security-check (push) Blocked by required conditions Details Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator. Resolves forgejo/forgejo#3538 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-10-29 22:43:22 +01:00
0ko	e13da8aae3	chore: remove branding from application run helper (#9640 ) Rel: https://codeberg.org/forgejo/forgejo/pulls/9628. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9640 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2025-10-11 12:14:13 +02:00
Gusted	2457f5ff22	chore: branding import path (#7337 ) - Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`. - Resolves forgejo/discussions#258 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7337 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Beowulf <beowulf@beocode.eu> Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>	2025-03-27 19:40:14 +00:00
TheFox0x7	4de909747b	Add testifylint to lint checks (#4535 ) go-require lint is ignored for now Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4535 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: TheFox0x7 <thefox0x7@gmail.com> Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>	2024-07-30 19:41:10 +00:00
Malte Jürgens	a61e7c7a39	Implement external assets	2024-07-29 20:35:55 +02:00
Laura Hausmann	8506dbe2e5	Add tests for webhook release events Co-authored-by: oliverpool <git@olivier.pfad.fr>	2024-04-16 19:25:26 +02:00
oliverpool	9d2919248b	[TEST] webhook creation payload ref	2024-04-05 16:21:41 +02:00

7 commits