public/gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-03-23 06:59:01 +09:00
Code Issues Packages Projects Releases Wiki Activity
20,443 Commits 22 Branches 246 Tags
28e09ffc67554fc396333af18297da3e95e2f080
Commit Graph

13 Commits

Author SHA1 Message Date
Nicolas
26d83c932a Instance-wide (global) info banner and maintenance mode (#36571) 
The banner allows site operators to communicate important announcements
(e.g., maintenance windows, policy updates, service notices) directly
within the UI.

The maintenance mode only allows admin to access the web UI.

* Fix #2345
* Fix #9618

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
 2026-02-26 23:16:11 +08:00
wxiaoguang
b79dbfa990 Fix link/origin referrer and login redirect (#36279) 
Fix #35998

1. Fix `<a rel>` :
    * "_blank" already means "noopener"
* "noreferrer" is already provided by page's `<meta name="referrer">`
2. Fix "redirect_to" mechisam
* Use "referer" header to determine the redirect link for a successful
login
3. Simplify code and merge duplicate logic
 2026-01-03 11:43:04 +08:00
wxiaoguang
6b5563c54a Support selecting theme on the footer (#35741) 
Fixes: https://github.com/go-gitea/gitea/pull/27576
 2025-10-28 18:25:00 +08:00
wxiaoguang
5342a61124 Delete legacy cookie before setting new cookie (#31306) 
Try to fix #31202
 2024-06-11 11:31:23 +08:00
Jason Song
61457cdf6b Avoid importing modules/web/middleware in modules/session (#30584) 
Related to #30375.

It doesn't make sense to import `modules/web/middleware` and
`modules/setting` in `modules/web/session` since the last one is more
low-level.

And it looks like a workaround to call `DeleteLegacySiteCookie` in
`RegenerateSession`, so maybe we could reverse the importing by
registering hook functions.
 2024-04-19 04:03:53 +00:00
Jonathan Tran
b18c04ebde fix: Fix to delete cookie when AppSubURL is non-empty (#30375) 
Cookies may exist on "/subpath" and "/subpath/" for some legacy reasons (eg: changed CookiePath behavior in code). The legacy cookie should be removed correctly.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
 2024-04-14 12:46:56 +08:00
wxiaoguang
5b9557aef5 Refactor cookie (#24107) 
Close #24062

At the beginning, I just wanted to fix the warning mentioned by #24062

But, the cookie code really doesn't look good to me, so clean up them.

Complete the TODO on `SetCookie`: 

> TODO: Copied from gitea.com/macaron/macaron and should be improved
after macaron removed.
 2023-04-13 15:45:33 -04:00
flynnnnnnnnnn
e81ccc406b Implement FSFE REUSE for golang files (#21840) 
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
 2022-11-27 18:20:29 +00:00
wxiaoguang
84ceaa98bd Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337) 
Do a refactoring to the CSRF related code, remove most unnecessary functions.
Parse the generated token's issue time, regenerate the token every a few minutes.
 2022-04-08 13:21:05 +08:00
Gusted
ff2fd08228 Simplify parameter types (#18006) 
Remove repeated type declarations in function definitions.
 2021-12-20 04:41:31 +00:00
zeripath
6d39053711 Fix setting of SameSite on cookies (#15989) 
Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
 2021-05-26 21:01:07 -04:00
zeripath
9b261f52f0 Add SameSite setting for cookies (#14900) 
Add SameSite setting for cookies and rationalise the cookie setting code. Switches SameSite to Lax by default. 

There is a possible future extension of differentiating which cookies could be set at Strict by default but that is for a future PR.

Fix #5583

Signed-off-by: Andrew Thornton <art27@cantab.net>
 2021-03-07 08:12:43 +00:00
Lunny Xiao
5e20fd6dbf Move middlewares to web/middleware (#14480) 
Co-authored-by: 6543 <6543@obermui.de>
 2021-01-30 10:55:53 +02:00