diff options
author | Lunny Xiao <xiaolunwen@gmail.com> | 2023-11-02 22:14:33 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-02 22:14:33 +0800 |
commit | 0ba4ecc3bd8443f0d3a834530a44e0c1334554b7 (patch) | |
tree | 84e60c264cc1afa7d8d884030d688b9ccaac2432 /routers/web/web.go | |
parent | 4776fde9e1caa7cee5671715144a668e19a0323c (diff) | |
download | gitea-0ba4ecc3bd8443f0d3a834530a44e0c1334554b7.tar.gz gitea-0ba4ecc3bd8443f0d3a834530a44e0c1334554b7.zip |
Fix http protocol auth (#27875)
Diffstat (limited to 'routers/web/web.go')
-rw-r--r-- | routers/web/web.go | 18 |
1 files changed, 4 insertions, 14 deletions
diff --git a/routers/web/web.go b/routers/web/web.go index 6449f7716c..f8b745fb10 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -276,6 +276,8 @@ func Routes() *web.Route { return routes } +var ignSignInAndCsrf = verifyAuthWithOptions(&common.VerifyOptions{DisableCSRF: true}) + // registerRoutes register routes func registerRoutes(m *web.Route) { reqSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: true}) @@ -283,7 +285,7 @@ func registerRoutes(m *web.Route) { // TODO: rename them to "optSignIn", which means that the "sign-in" could be optional, depends on the VerifyOptions (RequireSignInView) ignSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView}) ignExploreSignIn := verifyAuthWithOptions(&common.VerifyOptions{SignInRequired: setting.Service.RequireSignInView || setting.Service.Explore.RequireSigninView}) - ignSignInAndCsrf := verifyAuthWithOptions(&common.VerifyOptions{DisableCSRF: true}) + validation.AddBindingRules() linkAccountEnabled := func(ctx *context.Context) { @@ -1512,19 +1514,7 @@ func registerRoutes(m *web.Route) { }) }, ignSignInAndCsrf, lfsServerEnabled) - m.Group("", func() { - m.PostOptions("/git-upload-pack", repo.ServiceUploadPack) - m.PostOptions("/git-receive-pack", repo.ServiceReceivePack) - m.GetOptions("/info/refs", repo.GetInfoRefs) - m.GetOptions("/HEAD", repo.GetTextFile("HEAD")) - m.GetOptions("/objects/info/alternates", repo.GetTextFile("objects/info/alternates")) - m.GetOptions("/objects/info/http-alternates", repo.GetTextFile("objects/info/http-alternates")) - m.GetOptions("/objects/info/packs", repo.GetInfoPacks) - m.GetOptions("/objects/info/{file:[^/]*}", repo.GetTextFile("")) - m.GetOptions("/objects/{head:[0-9a-f]{2}}/{hash:[0-9a-f]{38}}", repo.GetLooseObject) - m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.pack", repo.GetPackFile) - m.GetOptions("/objects/pack/pack-{file:[0-9a-f]{40}}.idx", repo.GetIdxFile) - }, ignSignInAndCsrf, repo.HTTPGitEnabledHandler, repo.CorsHandler(), context_service.UserAssignmentWeb()) + gitHTTPRouters(m) }) }) // ***** END: Repository ***** |