Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix setting of SameSite on cookies #15989

Merged
merged 2 commits into from
May 27, 2021
Merged

Fix setting of SameSite on cookies #15989

merged 2 commits into from
May 27, 2021

Conversation

zeripath
Copy link
Contributor

Fix #15972

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath
Fix setting of SameSite on cookies
faff955 
Fix go-gitea#15972

Signed-off-by: Andrew Thornton <art27@cantab.net>
@zeripath zeripath added this to the 1.15.0 milestone May 26, 2021
noerw
noerw approved these changes May 26, 2021
View reviewed changes
Copy link
Member

@noerw noerw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 26, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 27, 2021
@codecov-commenter
Copy link

Codecov Report

Merging #15989 (7998966) into main (568fe8c) will increase coverage by 0.01%.
The diff coverage is 66.66%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #15989      +/-   ##
==========================================
+ Coverage   44.03%   44.05%   +0.01%     
==========================================
  Files         682      682              
  Lines       82408    82408              
==========================================
+ Hits        36285    36301      +16     
+ Misses      40219    40208      -11     
+ Partials     5904     5899       -5
Impacted Files Coverage Δ
modules/web/middleware/cookie.go 64.65% <66.66%> (+7.75%) ⬆️
modules/queue/queue_channel.go 95.00% <0.00%> (-1.67%) ⬇️
modules/log/file.go 73.80% <0.00%> (-1.59%) ⬇️
modules/log/event.go 58.96% <0.00%> (-0.95%) ⬇️
modules/queue/unique_queue_disk_channel.go 48.63% <0.00%> (+1.36%) ⬆️
services/pull/patch.go 55.93% <0.00%> (+1.69%) ⬆️
services/pull/check.go 28.76% <0.00%> (+2.73%) ⬆️
services/pull/temp_repo.go 29.78% <0.00%> (+3.19%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 568fe8c...7998966. Read the comment docs.

@techknowlogick techknowlogick merged commit 6d39053 into go-gitea:main May 27, 2021
techknowlogick added a commit to techknowlogick/gitea that referenced this pull request May 27, 2021
@zeripath @techknowlogick
Fix setting of SameSite on cookies (go-gitea#15989)
31535a3 
Fix go-gitea#15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
@techknowlogick techknowlogick added the backport/done All backports for this PR have been created label May 27, 2021
@techknowlogick
Copy link
Member

backport created: #15991

techknowlogick added a commit that referenced this pull request May 27, 2021
@techknowlogick @zeripath @lunny
Fix setting of SameSite on cookies (#15989) (#15991)
3a79f11 
Fix #15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@zeripath zeripath deleted the fix-samesite-bug branch May 27, 2021 16:17
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 18, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
@zeripath @techknowlogick @AbdulrhmnGhanem
Fix setting of SameSite on cookies (go-gitea#15989)
e7f57df 
Fix go-gitea#15972

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

@noerw noerw noerw approved these changes

Assignees
No one assigned
Labels
backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Milestone
1.15.0
Development

Successfully merging this pull request may close these issues.

SameSite cookie option applies only to _csrf cookie
5 participants
@zeripath @codecov-commenter @techknowlogick @noerw @GiteaBot