diff options
| author | wxiaoguang <wxiaoguang@gmail.com> | 2022-04-08 13:21:05 +0800 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-08 13:21:05 +0800 |
| commit | 84ceaa98bd731431c7d3a7f65e59e7ad076a540f (patch) | |
| tree | fc2743a69cde4e46c3a55796e2ab1541269b6c65 /routers/web/auth | |
| parent | 3c3d49899f0f7206e190bdeecdc4da248cc7e686 (diff) | |
| download | gitea-84ceaa98bd731431c7d3a7f65e59e7ad076a540f.tar.gz gitea-84ceaa98bd731431c7d3a7f65e59e7ad076a540f.zip | |
Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
Do a refactoring to the CSRF related code, remove most unnecessary functions.
Parse the generated token's issue time, regenerate the token every a few minutes.
Diffstat (limited to 'routers/web/auth')
| -rw-r--r-- | routers/web/auth/auth.go | 2 | ||||
| -rw-r--r-- | routers/web/auth/oauth.go | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index ab538f0e5f..c82fde49eb 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -345,7 +345,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req) } - // Clear whatever CSRF has right now, force to generate a new one + // Clear whatever CSRF cookie has right now, force to generate a new one middleware.DeleteCSRFCookie(ctx.Resp) // Register last login diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index 4369c333ac..12de208ad7 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -1007,7 +1007,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model log.Error("Error storing session: %v", err) } - // Clear whatever CSRF has right now, force to generate a new one + // Clear whatever CSRF cookie has right now, force to generate a new one middleware.DeleteCSRFCookie(ctx.Resp) // Register last login |