thepaperpilot/forgejo
1
0
Fork 0
Code Issues Pull requests Releases Activity Actions 3

Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)

Browse source 
There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.
This commit is contained in:
wxiaoguang 2022-04-06 23:47:58 +08:00 committed by GitHub
parent 0704009dd7
commit 57c2ca7f26
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
modules/context/csrf.go
View file

@ -229,6 +229,7 @@ func Csrfer(opt CsrfOptions, ctx *Context) CSRF {
}
}
needsNew = needsNew || ctx.Req.Method == "GET" // If this request is a Get request, it will generate a new token, make sure the token is always up-to-date.
if needsNew {
// FIXME: actionId.
x.Token = GenerateToken(x.Secret, x.ID, "POST")