From: wxiaoguang Date: Wed, 6 Apr 2022 15:47:58 +0000 (+0800) Subject: Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338) X-Git-Tag: v1.16.6~16 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=57c2ca7f26a7dd7633d65c396c4f0feba7e44210;p=gitea.git Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338) There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date. --- diff --git a/modules/context/csrf.go b/modules/context/csrf.go index 8d179ca904..66ea6bd0a3 100644 --- a/modules/context/csrf.go +++ b/modules/context/csrf.go @@ -229,6 +229,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF { } } + needsNew = needsNew || ctx.Req.Method == "GET" // If this request is a Get request, it will generate a new token, make sure the token is always up-to-date. if needsNew { // FIXME: actionId. x.Token = GenerateToken(x.Secret, x.ID, "POST")
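Review bot: the added line `needsNew = needsNew || ctx.Req.Method == "GET"` forces the `if needsNew` branch, and with it a `GenerateToken(x.Secret, x.ID, "POST")` call, on every GET that reaches `Csrfer`, not only on GETs that render a form. Nothing in this hunk shows whether a token handed out by an earlier GET (a second tab, a page left open) still validates after a later GET has produced a new one, so that case deserves a test or a sentence in the description. Two smaller points on the same line: prefer `http.MethodGet` over the string literal `"GET"`, and move the long trailing comment onto its own line above the assignment so the condition stays readable.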