forgejo

mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-03-25 19:33:03 -04:00

History

Gusted a4642af51a Some checks are pending / release (push) Waiting to run Details testing-integration / test-unit (push) Waiting to run Details testing-integration / test-sqlite (push) Waiting to run Details testing-integration / test-mariadb (v10.6) (push) Waiting to run Details testing-integration / test-mariadb (v11.8) (push) Waiting to run Details testing / backend-checks (push) Waiting to run Details testing / frontend-checks (push) Waiting to run Details testing / test-unit (push) Blocked by required conditions Details testing / test-e2e (push) Blocked by required conditions Details testing / test-remote-cacher (redis) (push) Blocked by required conditions Details testing / test-remote-cacher (valkey) (push) Blocked by required conditions Details testing / test-remote-cacher (garnet) (push) Blocked by required conditions Details testing / test-remote-cacher (redict) (push) Blocked by required conditions Details testing / test-mysql (push) Blocked by required conditions Details testing / test-pgsql (push) Blocked by required conditions Details testing / test-sqlite (push) Blocked by required conditions Details testing / security-check (push) Blocked by required conditions Details feat: replace cross origin protection (#9830 ) Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator. Resolves forgejo/forgejo#3538 Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830 Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org> Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org> Co-authored-by: Gusted <postmaster@gusted.xyz> Co-committed-by: Gusted <postmaster@gusted.xyz>		2025-10-29 22:43:22 +01:00
..
source	feat: add option to allow non-local users to change usernames (#8714 )	2025-08-06 20:25:13 +02:00
additional_scopes_test.go	tests additional grant scopes	2024-08-09 14:58:15 +02:00
auth.go	feat: replace cross origin protection (#9830 )	2025-10-29 22:43:22 +01:00
auth_test.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
basic.go	feat: avoid updating all columns (#9572 )	2025-10-09 13:22:29 +02:00
group.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
httpsign.go	chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994 )	2025-05-29 17:34:29 +02:00
interface.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
main_test.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
oauth2.go	feat: avoid updating all columns (#9572 )	2025-10-09 13:22:29 +02:00
oauth2_test.go	fix: ASCII equal fold for authorization header (#8391 )	2025-07-09 23:01:03 +02:00
reverseproxy.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
reverseproxy_test.go	test: introduce TruncateBeansCascade test helper to support data cleanup of foreign-key referenced tables (#9684 )	2025-10-15 20:26:41 +02:00
session.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
signin.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
source.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00
sync.go	chore: branding import path (#7337 )	2025-03-27 19:40:14 +00:00