Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token #5272

zeripath · 2018-11-04T14:57:15Z

This PR backports #5250 on to v1.6

… creation Fixes go-gitea#5226, go-gitea#5249

zeripath added 2 commits November 4, 2018 14:54

Add CSRF checking to reqToken and place CSRF in the post for deadline…

f5b97f5

… creation Fixes go-gitea#5226, go-gitea#5249

/api/v1/admin/users routes should have reqToken middleware

f24778f

techknowlogick added type/bug topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! labels Nov 4, 2018

techknowlogick approved these changes Nov 4, 2018

View reviewed changes

bkcsoft added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Nov 4, 2018

sapk approved these changes Nov 4, 2018

View reviewed changes

bkcsoft added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 4, 2018

techknowlogick merged commit c0bbbdd into go-gitea:release/v1.6 Nov 4, 2018

zeripath deleted the issue-5249 branch November 4, 2018 15:56

go-gitea locked and limited conversation to collaborators Nov 24, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token #5272

Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token #5272

zeripath commented Nov 4, 2018

Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token #5272

Backport #5250 on v1.6: Fix Issue 5249 and protect /api/v1/admin routes with CSRF token #5272

Conversation

zeripath commented Nov 4, 2018