github-forks
/
gitea
mirror of https://github.com/go-gitea/gitea.git
1
0
Fork 0
Code Projects Releases Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.1
v1.1.0
v1.0.2
v0.9.99
v1.0.0
v1.0.1
v1.1.2
v1.2.0-rc3
v1.20.0-rc0
v1.20.0-rc1
v1.23.0-dev
v1.24.0-dev
v1.4.2
v1.9.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '265f485295'
${ noResults }
gitea/modules
History
Giteabot f144521aea
Deprecate query string auth tokens (#28390) (#28430) 
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
 		1 year ago
..
actions chore(actions): support cron schedule task (#26655) 2 years ago
activitypub More refactoring of `db.DefaultContext` (#27083) 2 years ago
analyze Rename code_langauge.go to code_language.go (#26377) 2 years ago
assetfs Use `Set[Type]` instead of `map[Type]bool/struct{}`. (#26804) 2 years ago
auth Next round of `db.DefaultContext` refactor (#27089) 2 years ago
avatar Remove nfnt/resize and oliamb/cutter (#25999) 2 years ago
base Replace `interface{}` with `any` (#25686) 2 years ago
cache improve unit test for caching (#26185) 2 years ago
charset Replace `interface{}` with `any` (#25686) 2 years ago
container Implement FSFE REUSE for golang files (#21840) 2 years ago
context Add guide page to actions when there's no workflows (#28145) (#28153) 1 year ago
contexttest Avoid double-unescaping of form value (#26853) 2 years ago
csv Refactor locale number (#24134) 2 years ago
doctor Improve doctor cli behavior (#28422) (#28424) 1 year ago
emoji Update emoji set to Unicode 15 (#25595) 2 years ago
eventsource More `db.DefaultContext` refactor (#27265) (#27347) 1 year ago
generate Handle base64 decoding correctly to avoid panic (#26483) 2 years ago
git Make gogit Repository.GetBranchNames consistent (#28348) (#28386) 1 year ago
gitgraph More `db.DefaultContext` refactor (#27265) (#27347) 1 year ago
graceful Allow the use of alternative net.Listener implementations by downstreams (#25855) 2 years ago
hcaptcha Consume hcaptcha and pwn deps (#22610) 2 years ago
highlight Upgrade go dependencies (#25819) 2 years ago
hostmatcher Support allowed hosts for webhook to work with proxy (#27655) (#27675) 1 year ago
html Refactor backend SVG package and add tests (#26335) 2 years ago
httpcache Less naked returns (#25713) 2 years ago
httplib Less naked returns (#25713) 2 years ago
indexer Meilisearch: require all query terms to be matched (#28293) (#28296) 1 year ago
issue/template Replace `interface{}` with `any` (#25686) 2 years ago
json Replace `interface{}` with `any` (#25686) 2 years ago
label Make label templates have consistent behavior and priority (#23749) 2 years ago
lfs Refactor lfs requests (#26783) 2 years ago
log Reduce some allocations in type conversion (#26772) 2 years ago
markup Render email addresses as such if followed by punctuation (#27987) (#27992) 1 year ago
mcaptcha Implement FSFE REUSE for golang files (#21840) 2 years ago
metrics Reduce usage of `db.DefaultContext` (#27073) 2 years ago
migration Replace `interface{}` with `any` (#25686) 2 years ago
nosql Update tool dependencies, lock govulncheck and actionlint (#25655) 2 years ago
options Use a general approach to access custom/static/builtin assets (#24022) 2 years ago
packages Close all hashed buffers (#27787) (#27790) 1 year ago
paginator Use more specific test methods (#24265) 2 years ago
pprof Implement FSFE REUSE for golang files (#21840) 2 years ago
private Replace `interface{}` with `any` (#25686) 2 years ago
process Less naked returns (#25713) 2 years ago
proxy Use proxy for pull mirror (#22771) 2 years ago
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2 years ago
public Serve pre-defined files in "public", add "security.txt", add CORS header for ".well-known" (#25974) 2 years ago
queue Increase queue length (#27555) (#27562) 1 year ago
recaptcha Implement FSFE REUSE for golang files (#21840) 2 years ago
references Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052) 2 years ago
regexplru Upgrade go dependencies (#25819) 2 years ago
repository Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285) 1 year ago
secret Improve decryption failure message (#24573) 2 years ago
session Next round of `db.DefaultContext` refactor (#27089) 2 years ago
setting Deprecate query string auth tokens (#28390) (#28430) 1 year ago
sitemap Fix sitemap (#22272) 2 years ago
ssh restrict certificate type for builtin SSH server (#26789) 2 years ago
storage Fix object storage path handling (#27024) 2 years ago
structs Fix package webhook (#27839) (#27855) 1 year ago
svg Refactor backend SVG package and add tests (#26335) 2 years ago
sync Implement FSFE REUSE for golang files (#21840) 2 years ago
system Implement FSFE REUSE for golang files (#21840) 2 years ago
templates Fix label render containing invalid HTML (#27752) (#27762) 1 year ago
test Move web/api context related testing function into a separate package (#26859) 2 years ago
testlogger Replace `interface{}` with `any` (#25686) 2 years ago
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2 years ago
translation Replace `interface{}` with `any` (#25686) 2 years ago
turnstile Add new captcha: cloudflare turnstile (#22369) 2 years ago
typesniffer Detect ogg mime-type as audio or video (#26494) 2 years ago
updatechecker Implement FSFE REUSE for golang files (#21840) 2 years ago
upload Implement FSFE REUSE for golang files (#21840) 2 years ago
uri Implement FSFE REUSE for golang files (#21840) 2 years ago
user Implement FSFE REUSE for golang files (#21840) 2 years ago
util Refactor lfs requests (#26783) 2 years ago
validation Check blocklist for emails when adding them to account (#26812) 2 years ago
web Make CORS work for oauth2 handlers (#28184) (#28185) 1 year ago
webhook New webhook trigger for receiving Pull Request review requests (#24481) 2 years ago