mirror of
https://github.com/go-gitea/gitea.git
synced 2025-12-28 05:14:09 +00:00
42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
62 lines
2.6 KiB
Handlebars
62 lines
2.6 KiB
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content package settings options{{if .ContextUser.IsOrganization}} organization{{end}}">
|
|
{{if .ContextUser.IsOrganization}}
|
|
{{template "org/header" .}}
|
|
{{else}}
|
|
{{template "shared/user/org_profile_avatar" .}}
|
|
{{end}}
|
|
<div class="ui container">
|
|
{{if not .ContextUser.IsOrganization}}
|
|
{{template "user/overview/header" .}}
|
|
{{end}}
|
|
{{template "base/alert" .}}
|
|
<p><a href="{{.PackageDescriptor.VersionWebLink}}">{{.PackageDescriptor.Package.Name}} ({{.PackageDescriptor.Version.Version}})</a> / <strong>{{ctx.Locale.Tr "repo.settings"}}</strong></p>
|
|
<h4 class="ui top attached header">
|
|
{{ctx.Locale.Tr "packages.settings.link"}}
|
|
</h4>
|
|
<div class="ui attached segment">
|
|
<p>{{ctx.Locale.Tr "packages.settings.link.description"}}</p>
|
|
<form class="ui form form-fetch-action ignore-dirty flex-text-block" action="{{.Link}}" method="post">
|
|
<input type="hidden" name="action" value="link">
|
|
<div data-global-init="initSearchRepoBox" class="ui search" data-uid="{{.PackageDescriptor.Owner.ID}}">
|
|
<div class="ui input">
|
|
<input class="prompt" name="repo_name" value="{{.LinkedRepoName}}" placeholder="{{ctx.Locale.Tr "search.repo_kind"}}" autocomplete="off">
|
|
</div>
|
|
</div>
|
|
<button class="ui primary button">{{ctx.Locale.Tr "packages.settings.link.button"}}</button>
|
|
</form>
|
|
</div>
|
|
<h4 class="ui top attached error header">
|
|
{{ctx.Locale.Tr "repo.settings.danger_zone"}}
|
|
</h4>
|
|
<div class="ui attached error danger segment">
|
|
<div class="flex-list">
|
|
<div class="flex-item">
|
|
<div class="flex-item-main">
|
|
<div class="flex-item-title">{{ctx.Locale.Tr "packages.settings.delete"}}</div>
|
|
<div class="flex-item-body">{{ctx.Locale.Tr "packages.settings.delete.description"}}</div>
|
|
</div>
|
|
<div class="flex-item-trailing">
|
|
<button class="ui basic red show-modal button" data-modal="#delete-package-modal">{{ctx.Locale.Tr "packages.settings.delete"}}</button>
|
|
</div>
|
|
<div class="ui tiny modal" id="delete-package-modal">
|
|
<div class="header">
|
|
{{ctx.Locale.Tr "packages.settings.delete"}}
|
|
</div>
|
|
<div class="content">
|
|
<div class="ui warning message tw-break-anywhere">
|
|
{{ctx.Locale.Tr "packages.settings.delete.notice" .PackageDescriptor.Package.Name .PackageDescriptor.Version.Version}}
|
|
</div>
|
|
<form class="ui form" action="{{.Link}}" method="post">
|
|
<input type="hidden" name="action" value="delete">
|
|
{{template "base/modal_actions_confirm" .}}
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|