diff options
author | Jason Song <i@wolfogre.com> | 2024-04-19 12:03:53 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-19 04:03:53 +0000 |
commit | 61457cdf6b49225ae831fd9fb084deadd8bdb0fb (patch) | |
tree | d910b41d1165ec7cea8ef3a24e8033532a5609f0 /modules/web | |
parent | acfe29fc2bcc5261676868c8fdd6dc0def178d1e (diff) | |
download | gitea-61457cdf6b49225ae831fd9fb084deadd8bdb0fb.tar.gz gitea-61457cdf6b49225ae831fd9fb084deadd8bdb0fb.zip |
Avoid importing `modules/web/middleware` in `modules/session` (#30584)
Related to #30375.
It doesn't make sense to import `modules/web/middleware` and
`modules/setting` in `modules/web/session` since the last one is more
low-level.
And it looks like a workaround to call `DeleteLegacySiteCookie` in
`RegenerateSession`, so maybe we could reverse the importing by
registering hook functions.
Diffstat (limited to 'modules/web')
-rw-r--r-- | modules/web/middleware/cookie.go | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/modules/web/middleware/cookie.go b/modules/web/middleware/cookie.go index 0bed726793..ec6b06f993 100644 --- a/modules/web/middleware/cookie.go +++ b/modules/web/middleware/cookie.go @@ -9,6 +9,7 @@ import ( "net/url" "strings" + "code.gitea.io/gitea/modules/session" "code.gitea.io/gitea/modules/setting" ) @@ -48,12 +49,12 @@ func SetSiteCookie(resp http.ResponseWriter, name, value string, maxAge int) { // Previous versions would use a cookie path with a trailing /. // These are more specific than cookies without a trailing /, so // we need to delete these if they exist. - DeleteLegacySiteCookie(resp, name) + deleteLegacySiteCookie(resp, name) } -// DeleteLegacySiteCookie deletes the cookie with the given name at the cookie +// deleteLegacySiteCookie deletes the cookie with the given name at the cookie // path with a trailing /, which would unintentionally override the cookie. -func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) { +func deleteLegacySiteCookie(resp http.ResponseWriter, name string) { if setting.SessionConfig.CookiePath == "" || strings.HasSuffix(setting.SessionConfig.CookiePath, "/") { // If the cookie path ends with /, no legacy cookies will take // precedence, so do nothing. The exception is that cookies with no @@ -74,3 +75,11 @@ func DeleteLegacySiteCookie(resp http.ResponseWriter, name string) { } resp.Header().Add("Set-Cookie", cookie.String()) } + +func init() { + session.BeforeRegenerateSession = append(session.BeforeRegenerateSession, func(resp http.ResponseWriter, _ *http.Request) { + // Ensure that a cookie with a trailing slash does not take precedence over + // the cookie written by the middleware. + deleteLegacySiteCookie(resp, setting.SessionConfig.CookieName) + }) +} |