lianguan/gitea
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
gitea/modules/setting
History
zeripath 2e317d3f6e Prevent security failure due to bad APP_ID (#18678) (#18682) 
Backport #18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-10 16:17:44 +01:00
..
attachment.go
Add MP4 as default allowed attachment type (#18170)
2022-01-04 04:36:47 +01:00
cache.go
Add LRU mem cache implementation (#16226)
2021-07-10 23:54:15 +02:00
cors.go
Allow setting X-FRAME-OPTIONS (#16643)
2021-08-06 16:47:10 -04:00
cron_test.go
Allow extended config on cron settings (#12939)
2020-09-25 09:58:09 +01:00
cron.go
Allow extended config on cron settings (#12939)
2020-09-25 09:58:09 +01:00
database_sqlite.go
Refactor install page (db type) (#17919)
2021-12-07 13:44:08 +08:00
database_test.go
Move database settings from models to setting (#7806)
2019-08-24 11:24:45 +02:00
database.go
Refactor install page (db type) (#17919)
2021-12-07 13:44:08 +08:00
directory.go
Improve install code to avoid low-level mistakes. (#17779)
2021-12-01 15:50:01 +08:00
federation.go
Add nodeinfo endpoint for federation purposes (#16953)
2021-09-28 01:38:06 +02:00
git.go
Enable partial clone by default (#18195)
2022-01-06 06:38:38 +01:00
i18n.go
Improve install code to avoid low-level mistakes. (#17779)
2021-12-01 15:50:01 +08:00
indexer_test.go
Restrict repository indexing by glob match (#7767)
2019-09-11 20:26:28 +03:00
indexer.go
Fix various documentation, user-facing, and source comment typos (#16367)
2021-07-08 13:38:13 +02:00
lfs.go
Let package git depend on setting but not opposite (#15241)
2021-06-26 13:28:55 +02:00
log.go
Simplify parameter types (#18006)
2021-12-20 04:41:31 +00:00
mailer.go
Add option to convert CRLF to LF line endings for sendmail (#18075)
2022-01-06 01:43:45 +01:00
markup.go
Make Mermaid.js limit configurable (#16519)
2021-07-24 00:21:51 -04:00
migrations.go
Use hostmatcher to replace matchlist, improve security (#17605)
2021-11-20 17:34:05 +08:00
mime_type_map.go
Add mimetype mapping settings (#15133)
2021-05-10 16:38:08 -04:00
mirror.go
Make mirror feature more configurable (#16957)
2021-09-07 17:49:36 +02:00
oauth2_client.go
OAuth2 login: Set account link to "login" as default behavior (#15768)
2021-05-07 16:15:16 +02:00
picture.go
Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951)
2021-12-16 10:18:38 +08:00
project.go
Kanban board (#8346)
2020-08-16 23:07:38 -04:00
proxy.go
Add proxy settings and support for migration and webhook (#16704)
2021-08-18 21:10:39 +08:00
queue.go
A better go code formatter, and now make fmt can run in Windows (#17684)
2021-11-17 20:34:35 +08:00
repository.go
Make Co-committed-by and co-authored-by trailers optional (#17848)
2021-11-29 07:09:55 +00:00
service.go
add configuration option to restrict users by default (#16256)
2021-07-15 15:19:48 -04:00
session.go
Add an abstract json layout to make it's easier to change json library (#16528)
2021-07-24 18:03:58 +02:00
setting_test.go
Add an abstract json layout to make it's easier to change json library (#16528)
2021-07-24 18:03:58 +02:00
setting.go
Prevent security failure due to bad APP_ID (#18678) (#18682)
2022-02-10 16:17:44 +01:00
storage_test.go
more test case for STORAGE_TYPE overrides (and fixes) (#14096)
2020-12-22 01:03:18 +02:00
storage.go
Rework repository archive (#14723)
2021-06-23 17:12:38 -04:00
task.go
Avoid setitng the CONN_STR in queues unless it is meant to be set (#13025)
2020-10-04 18:12:26 +01:00
webhook.go
Use hostmatcher to replace matchlist, improve security (#17605)
2021-11-20 17:34:05 +08:00