mirrors
/
gitea
kopia lustrzana https://github.com/go-gitea/gitea.git
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Wydania 210 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17865 Commity
17 Gałęzie
Drzewo: 5471834c2b
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z '5471834c2b'
${ noResults }
gitea/modules/web/middleware/cookie.go

cookie.go 2.4KB
Czysty Blame Historia

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. // Copyright 2020 The Macaron Authors

  2. // Copyright 2020 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package middleware

  6. 

  7. import (

  8. 	"net/http"

  9. 	"net/url"

  10. 	"strings"

  11. 

  12. 	"code.gitea.io/gitea/modules/setting"

  13. )

  14. 

  15. // SetRedirectToCookie convenience function to set the RedirectTo cookie consistently

  16. func SetRedirectToCookie(resp http.ResponseWriter, value string) {

  17. 	SetSiteCookie(resp, "redirect_to", value, 0)

  18. }

  19. 

  20. // DeleteRedirectToCookie convenience function to delete most cookies consistently

  21. func DeleteRedirectToCookie(resp http.ResponseWriter) {

  22. 	SetSiteCookie(resp, "redirect_to", "", -1)

  23. }

  24. 

  25. // GetSiteCookie returns given cookie value from request header.

  26. func GetSiteCookie(req *http.Request, name string) string {

  27. 	cookie, err := req.Cookie(name)

  28. 	if err != nil {

  29. 		return ""

  30. 	}

  31. 	val, _ := url.QueryUnescape(cookie.Value)

  32. 	return val

  33. }

  34. 

  35. // SetSiteCookie returns given cookie value from request header.

  36. func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) {

  37. 	cookie := &http.Cookie{

  38. 		Name:     name,

  39. 		Value:    url.QueryEscape(value),

  40. 		MaxAge:   maxAge,

  41. 		Path:     setting.SessionConfig.CookiePath,

  42. 		Domain:   setting.SessionConfig.Domain,

  43. 		Secure:   setting.SessionConfig.Secure,

  44. 		HttpOnly: true,

  45. 		SameSite: setting.SessionConfig.SameSite,

  46. 	}

  47. 	resp.Header().Add("Set-Cookie", cookie.String())

  48. 	// Previous versions would use a cookie path with a trailing /.

  49. 	// These are more specific than cookies without a trailing /, so

  50. 	// we need to delete these if they exist.

  51. 	DeleteLegacySiteCookie(resp, name)

  52. }

  53. 

  54. // DeleteLegacySiteCookie deletes the cookie with the given name at the cookie

  55. // path with a trailing /, which would unintentionally override the cookie.

  56. func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) {

  57. 	if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") {

  58. 		// If the cookie path ends with /, no legacy cookies will take

  59. 		// precedence, so do nothing.  The exception is that cookies with no

  60. 		// path could override other cookies, but it's complicated and we don't

  61. 		// currently handle that.

  62. 		return

  63. 	}

  64. 

  65. 	cookie := &http.Cookie{

  66. 		Name:     name,

  67. 		Value:    "",

  68. 		MaxAge:   -1,

  69. 		Path:     setting.SessionConfig.CookiePath + "/",

  70. 		Domain:   setting.SessionConfig.Domain,

  71. 		Secure:   setting.SessionConfig.Secure,

  72. 		HttpOnly: true,

  73. 		SameSite: setting.SessionConfig.SameSite,

  74. 	}

  75. 	resp.Header().Add("Set-Cookie", cookie.String())

  76. }