aboutsummaryrefslogtreecommitdiffstats
path: root/modules/web
diff options
context:
space:
mode:
authorwxiaoguang <wxiaoguang@gmail.com>2022-04-08 13:21:05 +0800
committerGitHub <noreply@github.com>2022-04-08 13:21:05 +0800
commit84ceaa98bd731431c7d3a7f65e59e7ad076a540f (patch)
treefc2743a69cde4e46c3a55796e2ab1541269b6c65 /modules/web
parent3c3d49899f0f7206e190bdeecdc4da248cc7e686 (diff)
downloadgitea-84ceaa98bd731431c7d3a7f65e59e7ad076a540f.tar.gz
gitea-84ceaa98bd731431c7d3a7f65e59e7ad076a540f.zip
Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
Do a refactoring to the CSRF related code, remove most unnecessary functions. Parse the generated token's issue time, regenerate the token every a few minutes.
Diffstat (limited to 'modules/web')
-rw-r--r--modules/web/middleware/cookie.go13
1 files changed, 1 insertions, 12 deletions
diff --git a/modules/web/middleware/cookie.go b/modules/web/middleware/cookie.go
index 80fe302137..b5904d6713 100644
--- a/modules/web/middleware/cookie.go
+++ b/modules/web/middleware/cookie.go
@@ -98,17 +98,6 @@ func DeleteRedirectToCookie(resp http.ResponseWriter) {
SameSite(setting.SessionConfig.SameSite))
}
-// DeleteSesionConfigPathCookie convenience function to delete SessionConfigPath cookies consistently
-func DeleteSesionConfigPathCookie(resp http.ResponseWriter, name string) {
- SetCookie(resp, name, "",
- -1,
- setting.SessionConfig.CookiePath,
- setting.SessionConfig.Domain,
- setting.SessionConfig.Secure,
- true,
- SameSite(setting.SessionConfig.SameSite))
-}
-
// DeleteCSRFCookie convenience function to delete SessionConfigPath cookies consistently
func DeleteCSRFCookie(resp http.ResponseWriter) {
SetCookie(resp, setting.CSRFCookieName, "",
@@ -117,7 +106,7 @@ func DeleteCSRFCookie(resp http.ResponseWriter) {
setting.SessionConfig.Domain) // FIXME: Do we need to set the Secure, httpOnly and SameSite values too?
}
-// SetCookie set the cookies
+// SetCookie set the cookies. (name, value, lifetime, path, domain, secure, httponly, expires, {sameSite, ...})
// TODO: Copied from gitea.com/macaron/macaron and should be improved after macaron removed.
func SetCookie(resp http.ResponseWriter, name, value string, others ...interface{}) {
cookie := http.Cookie{}