forgejo

mirror of https://codeberg.org/forgejo/forgejo synced 2025-10-20 00:10:44 +02:00

History

forgejo-backport-action 5be039310c [v12.0/forgejo] fix: validate CSRF on non-safe methods (#9082 ) Backport: https://codeberg.org/forgejo/forgejo/pulls/9071 All PUT/DELETE routes in the web UI are validated to prevent a [cross site request forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery). Although all POST routes are validated with a CSRF token, some of the PUT/DELETE routes were missing this validation. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9071): <!--number 9071 --><!--line 0 --><!--description dmFsaWRhdGUgQ1NSRiBvbiBub24tc2FmZSBtZXRob2Rz-->validate CSRF on non-safe methods<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9082 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>		2025-08-30 18:46:31 +02:00
..
api	[v12.0/forgejo] fix: email comments are removed from email addresses (#9083 )	2025-08-30 18:45:30 +02:00
common	chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994 )	2025-05-29 17:34:29 +02:00
install	chore: use `sharp` to generate images (#7512 )	2025-04-11 15:12:50 +00:00
private	chore(cleanup): replaces unnecessary calls to formatting functions by non-formatting equivalents (#7994 )	2025-05-29 17:34:29 +02:00
utils
web	[v12.0/forgejo] fix: validate CSRF on non-safe methods (#9082 )	2025-08-30 18:46:31 +02:00
init.go