author | wxiaoguang <wxiaoguang@gmail.com> | 2024-09-18 15:17:25 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-09-18 15:17:25 +0800 |
commit | 1fede04b83288d8a91304a83b7601699bb5cba04 (patch) | |
tree | 14bbb3e790c8a6527d159ad1405894f0e05ad4dd /routers | |
parent | 55f1fcf0ad20d69fcd62c764f6da74ae56bd5f73 (diff) | |
download | gitea-1fede04b83288d8a91304a83b7601699bb5cba04.tar.gz gitea-1fede04b83288d8a91304a83b7601699bb5cba04.zip |
Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation fails (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/web.go | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/routers/web/web.go b/routers/web/web.go index 41b019e4b5..f1e941a84e 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -129,6 +129,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) { // ensure the session uid is deleted _ = ctx.Session.Delete("uid") } + + ctx.Csrf.PrepareForSessionUser(ctx) } } |
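Review bot: the new `ctx.Csrf.PrepareForSessionUser(ctx)` call at the end of the `webAuth` closure relies on running after the session `uid` handling directly above it, but nothing in the code states that ordering requirement. A one-line comment saying that CSRF state is prepared only once the session user is settled (signed in, or `uid` deleted) would keep a later reorder from preparing it before the user is known. It is also worth confirming that no earlier return path in this closure, outside the visible context lines, skips the call, since the commit message says "prepare" is now decoupled from constructing the protector and this appears to be the place where it is invoked for web routes.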