Replace CSRF cookie with CrossOriginProtection (#36183)
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
silverwind
@@ -34,7 +34,6 @@
|
||||
<th></th>
|
||||
<th colspan="5">
|
||||
<form class="tw-float-right" method="post" action="{{AppSubUrl}}/-/admin/notices/empty">
|
||||
{{.CsrfTokenHtml}}
|
||||
<button type="submit" class="ui red small button">{{ctx.Locale.Tr "admin.notices.delete_all"}}</button>
|
||||
</form>
|
||||
<div class="ui floating upward dropdown small button">
|
||||
|
||||
Reference in New Issue
Block a user