diff options
| author | John Olheiser <john.olheiser@gmail.com> | 2020-02-25 14:28:47 -0600 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-25 14:28:47 -0600 |
| commit | c161bb013e091c0bcc524f07d50c028d9daf8cce (patch) | |
| tree | 0638e74576902e5c18cb77b3e469a5435cf707e5 /routers/routes | |
| parent | 4427a936b4c7bd07908ccbe96104928dd29cf59d (diff) | |
| download | gitea-c161bb013e091c0bcc524f07d50c028d9daf8cce.tar.gz gitea-c161bb013e091c0bcc524f07d50c028d9daf8cce.zip | |
Change action GETs to POST (#10462)
* Change action GETs to POST
* submite = submit + smite
* No more # href
* Fix test
* Match other tests
* Explicit csrf
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Diffstat (limited to 'routers/routes')
| -rw-r--r-- | routers/routes/routes.go | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/routers/routes/routes.go b/routers/routes/routes.go index 525115fb95..69745f6ebc 100644 --- a/routers/routes/routes.go +++ b/routers/routes/routes.go @@ -502,7 +502,7 @@ func RegisterRoutes(m *macaron.Macaron) { }, reqSignIn) m.Group("/:username", func() { - m.Get("/action/:action", user.Action) + m.Post("/action/:action", user.Action) }, reqSignIn) if macaron.Env == macaron.DEV { @@ -534,7 +534,7 @@ func RegisterRoutes(m *macaron.Macaron) { m.Get("/^:type(issues|pulls)$", user.Issues) m.Get("/milestones", reqMilestonesDashboardPageEnabled, user.Milestones) m.Get("/members", org.Members) - m.Get("/members/action/:action", org.MembersAction) + m.Post("/members/action/:action", org.MembersAction) m.Get("/teams", org.Teams) }, context.OrgAssignment(true)) @@ -542,8 +542,8 @@ func RegisterRoutes(m *macaron.Macaron) { m.Group("/:org", func() { m.Get("/teams/:team", org.TeamMembers) m.Get("/teams/:team/repositories", org.TeamRepositories) - m.Route("/teams/:team/action/:action", "GET,POST", org.TeamsAction) - m.Route("/teams/:team/action/repo/:action", "GET,POST", org.TeamsRepoAction) + m.Post("/teams/:team/action/:action", org.TeamsAction) + m.Post("/teams/:team/action/repo/:action", org.TeamsRepoAction) }, context.OrgAssignment(true, false, true)) m.Group("/:org", func() { @@ -681,7 +681,7 @@ func RegisterRoutes(m *macaron.Macaron) { }) }, reqSignIn, context.RepoAssignment(), context.UnitTypes(), reqRepoAdmin, context.RepoRef()) - m.Get("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), context.UnitTypes(), repo.Action) + m.Post("/:username/:reponame/action/:action", reqSignIn, context.RepoAssignment(), context.UnitTypes(), repo.Action) m.Group("/:username/:reponame", func() { m.Group("/issues", func() { @@ -735,7 +735,7 @@ func RegisterRoutes(m *macaron.Macaron) { Post(bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost) m.Get("/:id/edit", repo.EditMilestone) m.Post("/:id/edit", bindIgnErr(auth.CreateMilestoneForm{}), repo.EditMilestonePost) - m.Get("/:id/:action", repo.ChangeMilestonStatus) + m.Post("/:id/:action", repo.ChangeMilestonStatus) m.Post("/delete", repo.DeleteMilestone) }, context.RepoMustNotBeArchived(), reqRepoIssuesOrPullsWriter, context.RepoRef()) m.Group("/milestone", func() { |