diff options
| author | zeripath <art27@cantab.net> | 2021-09-12 18:35:38 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-09-12 19:35:38 +0200 |
| commit | a334a95a3c7f97b2a60fc87f5ada5ce139b07ffe (patch) | |
| tree | 2ed19779dd010ddd8bfda8598460ff46c0dd3865 /routers/api/v1/api.go | |
| parent | aac7f68af1a145fc772c018ed98f34b1af34b637 (diff) | |
| download | gitea-a334a95a3c7f97b2a60fc87f5ada5ce139b07ffe.tar.gz gitea-a334a95a3c7f97b2a60fc87f5ada5ce139b07ffe.zip | |
Use common sessioner for API and Web (#17027)
* Use common sessioner for API and Web
Instead of creating separate sessioner and doubly initialising the provider just
use the same sessioner for the API and Web routes.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers/api/v1/api.go')
| -rw-r--r-- | routers/api/v1/api.go | 16 |
1 files changed, 3 insertions, 13 deletions
diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index e74ff40995..d859642c42 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -87,7 +87,6 @@ import ( "code.gitea.io/gitea/services/forms" "gitea.com/go-chi/binding" - "gitea.com/go-chi/session" "github.com/go-chi/cors" ) @@ -547,20 +546,11 @@ func bind(obj interface{}) http.HandlerFunc { } // Routes registers all v1 APIs routes to web application. -func Routes() *web.Route { +func Routes(sessioner func(http.Handler) http.Handler) *web.Route { var m = web.NewRoute() - m.Use(session.Sessioner(session.Options{ - Provider: setting.SessionConfig.Provider, - ProviderConfig: setting.SessionConfig.ProviderConfig, - CookieName: setting.SessionConfig.CookieName, - CookiePath: setting.SessionConfig.CookiePath, - Gclifetime: setting.SessionConfig.Gclifetime, - Maxlifetime: setting.SessionConfig.Maxlifetime, - Secure: setting.SessionConfig.Secure, - SameSite: setting.SessionConfig.SameSite, - Domain: setting.SessionConfig.Domain, - })) + m.Use(sessioner) + m.Use(securityHeaders()) if setting.CORSConfig.Enabled { m.Use(cors.Handler(cors.Options{ |