forgejo/modules/setting
zeripath 2e317d3f6e
Prevent security failure due to bad APP_ID (#18678) (#18682)
Backport #18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-10 16:17:44 +01:00
..
attachment.go Add MP4 as default allowed attachment type (#18170) 2022-01-04 04:36:47 +01:00
cache.go Add LRU mem cache implementation (#16226) 2021-07-10 23:54:15 +02:00
cors.go Allow setting X-FRAME-OPTIONS (#16643) 2021-08-06 16:47:10 -04:00
cron.go
cron_test.go
database.go Refactor install page (db type) (#17919) 2021-12-07 13:44:08 +08:00
database_sqlite.go Refactor install page (db type) (#17919) 2021-12-07 13:44:08 +08:00
database_test.go
directory.go Improve install code to avoid low-level mistakes. (#17779) 2021-12-01 15:50:01 +08:00
federation.go Add nodeinfo endpoint for federation purposes (#16953) 2021-09-28 01:38:06 +02:00
git.go Enable partial clone by default (#18195) 2022-01-06 06:38:38 +01:00
i18n.go Improve install code to avoid low-level mistakes. (#17779) 2021-12-01 15:50:01 +08:00
indexer.go Fix various documentation, user-facing, and source comment typos (#16367) 2021-07-08 13:38:13 +02:00
indexer_test.go
lfs.go Let package git depend on setting but not opposite (#15241) 2021-06-26 13:28:55 +02:00
log.go Simplify parameter types (#18006) 2021-12-20 04:41:31 +00:00
mailer.go Add option to convert CRLF to LF line endings for sendmail (#18075) 2022-01-06 01:43:45 +01:00
markup.go Make Mermaid.js limit configurable (#16519) 2021-07-24 00:21:51 -04:00
migrations.go Use hostmatcher to replace matchlist, improve security (#17605) 2021-11-20 17:34:05 +08:00
mime_type_map.go Add mimetype mapping settings (#15133) 2021-05-10 16:38:08 -04:00
mirror.go Make mirror feature more configurable (#16957) 2021-09-07 17:49:36 +02:00
oauth2_client.go OAuth2 login: Set account link to "login" as default behavior (#15768) 2021-05-07 16:15:16 +02:00
picture.go Make AvatarRenderedSizeFactor configurable and set it to 3 (#17951) 2021-12-16 10:18:38 +08:00
project.go
proxy.go Add proxy settings and support for migration and webhook (#16704) 2021-08-18 21:10:39 +08:00
queue.go A better go code formatter, and now make fmt can run in Windows (#17684) 2021-11-17 20:34:35 +08:00
repository.go Make Co-committed-by and co-authored-by trailers optional (#17848) 2021-11-29 07:09:55 +00:00
service.go add configuration option to restrict users by default (#16256) 2021-07-15 15:19:48 -04:00
session.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
setting.go Prevent security failure due to bad APP_ID (#18678) (#18682) 2022-02-10 16:17:44 +01:00
setting_test.go Add an abstract json layout to make it's easier to change json library (#16528) 2021-07-24 18:03:58 +02:00
storage.go Rework repository archive (#14723) 2021-06-23 17:12:38 -04:00
storage_test.go
task.go
webhook.go Use hostmatcher to replace matchlist, improve security (#17605) 2021-11-20 17:34:05 +08:00