Prevent security failure due to bad APP_ID (#18678) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	zeripath <art27@cantab.net>	2022-02-09 07:37:58 +0000
committer	GitHub <noreply@github.com>	2022-02-09 15:37:58 +0800
commit	2f766082214e8f10375a68323e6b7bb1c742775d (patch)
tree	9fc308fff5a15ce80de33e99278f92a09a329552 /modules/git
parent	4160aff86e9e606212e6884063c1d15a3c12985a (diff)
download	gitea-2f766082214e8f10375a68323e6b7bb1c742775d.tar.gz gitea-2f766082214e8f10375a68323e6b7bb1c742775d.zip

Prevent security failure due to bad APP_ID (#18678)

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the current origin. Therefore we should reattempt authentication without the appid extension. Also we should allow [u2f] as-well as [U2F] sections. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Diffstat (limited to 'modules/git')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: