Nemcio/Gitea
1
0
Fork 0
mirror of https://github.com/go-gitea/gitea.git synced 2026-02-23 15:11:04 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
6c95ddcc6786dcc82e5fac9a5a44b20a03497d89
Gitea/services/context
History
silverwind 5f8e19fcef Move X_FRAME_OPTIONS setting from cors to security section (#30256) 
## Summary

- Move `cors.X_FRAME_OPTIONS` to `security.X_FRAME_OPTIONS` (old
location still works with a deprecation warning)
- Support `"unset"` as a special value to remove the `X-Frame-Options`
header entirely
- Remove `X-Frame-Options` header from API responses (only set for
web/HTML responses)

## Migration

If you had customized `cors.X_FRAME_OPTIONS`, move it to the
`[security]` section. The old location is deprecated and will be removed
in a future release.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2026-02-22 20:26:46 +00:00
..
upload
various fixes (#36697)
2026-02-22 08:01:43 +01:00
access_log_test.go
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
access_log.go
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
api_org.go
Move context from modules to services (#29440)
2024-02-27 08:12:22 +01:00
api_test.go
Enable testifylint rules (#34075)
2025-03-31 01:53:48 -04:00
api.go
Move X_FRAME_OPTIONS setting from cors to security section (#30256)
2026-02-22 20:26:46 +00:00
base_form.go
Add workflow_run api + webhook (#33964)
2025-06-20 20:14:00 +08:00
base_path.go
Address some CodeQL security concerns (#35572)
2025-10-04 01:21:26 +08:00
base_test.go
Enable addtional linters (#34085)
2025-04-01 10:14:01 +00:00
base.go
Fix link/origin referrer and login redirect (#36279)
2026-01-03 11:43:04 +08:00
captcha.go
fix: Improve image captcha contrast for dark mode (#36265)
2026-01-24 05:41:51 +00:00
context_cookie.go
Replace CSRF cookie with CrossOriginProtection (#36183)
2025-12-25 12:33:34 +02:00
context_model.go
Refactor context repository (#33202)
2025-01-12 03:39:46 +00:00
context_request.go
Move context from modules to services (#29440)
2024-02-27 08:12:22 +01:00
context_response.go
Check user visibility when redirecting to a renamed user (#36148)
2025-12-14 03:14:18 +01:00
context_template.go
Support selecting theme on the footer (#35741)
2025-10-28 18:25:00 +08:00
context_test.go
Refactor request context (#32956)
2024-12-24 11:43:57 +08:00
context.go
Move X_FRAME_OPTIONS setting from cors to security section (#30256)
2026-02-22 20:26:46 +00:00
org.go
Fix OrgAssignment opts (#36174)
2025-12-17 17:19:22 +08:00
package.go
Refactor template render (#36438)
2026-01-24 05:11:49 +00:00
pagination_test.go
Fix notifications pagination query parameters (#36351)
2026-01-12 22:17:42 +00:00
pagination.go
Fix notifications pagination query parameters (#36351)
2026-01-12 22:17:42 +00:00
permission.go
Run gopls modernize on codebase (#34751)
2025-06-18 01:48:09 +00:00
private.go
Fix SSH LFS timeout (#34838)
2025-06-24 15:49:31 +00:00
repo.go
Allow configuring default PR base branch (fixes #36412) (#36425)
2026-02-07 01:34:29 +00:00
response.go
Remove duplicate "ResponseWriter.Status" method (#33346)
2025-01-22 06:37:52 +00:00
user.go
Check user visibility when redirecting to a renamed user (#36148)
2025-12-14 03:14:18 +01:00
utils.go
Move context from modules to services (#29440)
2024-02-27 08:12:22 +01:00