mirror of
https://github.com/go-gitea/gitea.git
synced 2026-01-31 19:59:56 +01:00
42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
23 lines
960 B
Handlebars
23 lines
960 B
Handlebars
<div class="ui small modal" id="block-user-modal">
|
|
<div class="header">{{ctx.Locale.Tr "user.block.title"}}</div>
|
|
<div class="content">
|
|
<div class="ui warning message">{{ctx.Locale.Tr "user.block.info"}}</div>
|
|
<form class="ui form modal-form" method="post">
|
|
<input type="hidden" name="action" value="block" />
|
|
<input type="hidden" name="blockee" class="modal-blockee" />
|
|
<div class="field">
|
|
<label>{{ctx.Locale.Tr "user.block.user_to_block"}}: <span class="text red modal-blockee-name"></span></label>
|
|
</div>
|
|
<div class="field">
|
|
<label for="block-note">{{ctx.Locale.Tr "user.block.note.title"}}</label>
|
|
<input id="block-note" name="note">
|
|
<p class="help">{{ctx.Locale.Tr "user.block.note.info"}}</p>
|
|
</div>
|
|
<div class="actions">
|
|
<button class="ui cancel button">{{ctx.Locale.Tr "cancel"}}</button>
|
|
<button class="ui red button">{{ctx.Locale.Tr "user.block.block"}}</button>
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|