authorwxiaoguang <wxiaoguang@gmail.com>2022-04-08 13:21:05 +0800
committerGitHub <noreply@github.com>2022-04-08 13:21:05 +0800
commit84ceaa98bd731431c7d3a7f65e59e7ad076a540f (patch)
treefc2743a69cde4e46c3a55796e2ab1541269b6c65 /routers/web
parent3c3d49899f0f7206e190bdeecdc4da248cc7e686 (diff)
Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
Refactor the CSRF-related code and remove most of the unnecessary functions. Parse the generated token's issue time and regenerate the token every few minutes.
Diffstat (limited to 'routers/web')
-rw-r--r--routers/web/auth/auth.go2
-rw-r--r--routers/web/auth/oauth.go2
2 files changed, 2 insertions, 2 deletions
diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go
index ab538f0e5f..c82fde49eb 100644
--- a/routers/web/auth/auth.go
+++ b/routers/web/auth/auth.go
@@ -345,7 +345,7 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe
ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req)
}
- // Clear whatever CSRF has right now, force to generate a new one
+ // Clear whatever CSRF cookie has right now, force to generate a new one
middleware.DeleteCSRFCookie(ctx.Resp)
// Register last login
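Review bot: The reworded comment above `middleware.DeleteCSRFCookie(ctx.Resp)` still says only what is cleared, not why it has to happen at sign-in. If the intent is that a token issued before authentication must not remain valid for the authenticated session (presumably so, but not visible in this hunk), the comment should say that, e.g. `// Drop the pre-login CSRF cookie so a fresh token is issued for the authenticated session`. The identical comment in handleOAuth2SignIn in oauth.go would take the same wording. Both functions start and end outside their hunks, so whether a new token is actually issued on the following response cannot be confirmed from here.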
diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go
index 4369c333ac..12de208ad7 100644
--- a/routers/web/auth/oauth.go
+++ b/routers/web/auth/oauth.go
@@ -1007,7 +1007,7 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model
log.Error("Error storing session: %v", err)
}
- // Clear whatever CSRF has right now, force to generate a new one
+ // Clear whatever CSRF cookie has right now, force to generate a new one
middleware.DeleteCSRFCookie(ctx.Resp)
// Register last login