Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator.
Resolvesforgejo/forgejo#3538
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
The repository contributors graph received the stats for each author for each week, these weeks are stored as unix milis values, `Object.entries` converted these values to strings and `sort()` would thus sort them as strings - this worked without a problem for most repository.
If a repository has commits from before 'Sun Sep 9 03:46:40 AM CEST 2001', it meant that the weeks when those commits were made would be sorted towards the end because "1000000000" > "999999999" (when compared as strings) and would thus be silently cut from the data. This edge-case was seen by the curl repository (https://mastodon.social/@bagder/115018271785548165)
Sort them as numbers to avoid this problem, it being stored as strings is otherwise not a problem.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8882
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- Currently emojis that are part of the label's name aren't rendered
when shown in the popup that you get when you hover over issue
references.
- This patch fixes that by rendering the emoji.
- Adds CSS to not make the emoji big in the label.
- Resolves#1531
I'm using this convention in other projects and I think it makes sense
for gitea too because the vitest setup file is loaded globally for all
tests, not just ones in web_src, so it makes sense to be in the root.
(cherry picked from commit 98e7e3a5f07b8bc620e26bc1ab6f7a86bccbb7cb)
