api: fix critical CSRF vulnerabilities on API routes (#5355)

By explicitly requiring token authentication on API routes.
This commit is contained in:
Unknwon
2018-11-28 21:05:58 -05:00
parent e9be8016e6
commit 3db9b06a6e
5 changed files with 34 additions and 32 deletions


@@ -40,6 +40,7 @@ type Context struct {
User *models.User
IsLogged bool
IsBasicAuth bool
IsTokenAuth bool
Repo *Repository
Org *Organization
@@ -289,8 +290,8 @@ func Contexter() macaron.Handler {
c.Header().Set("Access-Control-Allow-Headers", "Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With")
}
// Get user from session if logined.
c.User, c.IsBasicAuth = auth.SignedInUser(c.Context, c.Session)
// Get user from session or header when possible
c.User, c.IsBasicAuth, c.IsTokenAuth = auth.SignedInUser(c.Context, c.Session)
if c.User != nil {
c.IsLogged = true