forgejo/modules
wxiaoguang 8f6d442a04
Use secure cookie for HTTPS sites (#26999) (#27013)
Backport #26999

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.

(cherry picked from commit b0a405c5fa)
2023-09-20 12:50:46 +02:00
..
actions [CI] Search .forgejo/workflows first 2023-07-16 23:21:44 +02:00
activitypub Add Chef package registry (#22554) 2023-02-06 09:49:21 +08:00
analyze Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
assetfs Skip unuseful error message in dev mode when watching local filesystem (#25919) (#25927) 2023-07-24 07:58:56 +02:00
auth [SECURITY] default to pbkdf2 with 320,000 iterations 2023-07-16 23:44:22 +02:00
avatar Improve avatar uploading / resizing / compressing, remove Fomantic card module (#24653) 2023-05-13 20:59:11 +02:00
base Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
cache Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
charset Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
container Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
context Avoid double-unescaping of form value (#26853) (#26863) 2023-09-08 08:09:18 +02:00
csv Refactor locale number (#24134) 2023-04-17 11:37:23 +08:00
doctor Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791) 2023-09-08 08:09:18 +02:00
emoji Fix unstable emoji sort (#22346) 2023-01-05 13:58:51 +02:00
eventsource Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
generate Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
git Sync repo's IsEmpty status correctly (#26517) (#26560) 2023-08-21 07:27:20 +02:00
gitgraph Add context cache as a request level cache (#22294) 2023-02-15 21:37:34 +08:00
graceful Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
hcaptcha Consume hcaptcha and pwn deps (#22610) 2023-01-29 09:49:51 -06:00
highlight test_env: hardcode major go version in use (#23464) 2023-03-14 16:09:01 -04:00
hostmatcher Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
html Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
httpcache [BRANDING] add X-Forgejo-* headers 2023-07-17 00:25:55 +02:00
httplib Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
indexer Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
issue/template Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
json Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
label Make label templates have consistent behavior and priority (#23749) 2023-04-10 16:44:02 +08:00
lfs Rewrite logger system (#24726) 2023-05-21 22:35:11 +00:00
log Use stderr as fallback if the log file can't be opened (#26074) (#26083) 2023-07-26 13:49:15 +02:00
markup [GITEA] Use restricted sanitizer for repository description 2023-09-13 17:17:37 +02:00
mcaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
metrics Use a separate admin page to show global stats, remove actions stat (#25062) 2023-06-03 22:03:41 +08:00
migration Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
mirror Improve queue and logger context (#24924) 2023-05-26 07:31:55 +00:00
nosql Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
notification Add Adopt repository event and handler (#25497) (#25518) 2023-06-26 20:09:07 +00:00
options Use a general approach to access custom/static/builtin assets (#24022) 2023-04-12 18:16:45 +08:00
packages Prevent newline errors with Debian packages (#26332) (#26342) 2023-08-21 07:22:16 +02:00
paginator Use more specific test methods (#24265) 2023-04-22 17:56:27 -04:00
pprof Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
private [CLI] implement forgejo-cli actions register 2023-07-16 23:21:45 +02:00
process Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
proxy Use proxy for pull mirror (#22771) 2023-02-11 08:39:50 +08:00
proxyprotocol Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
public Use standard HTTP library to serve files (#24693) 2023-05-13 16:04:57 +02:00
queue Calculate MAX_WORKERS default value by CPU number (#26177) (#26183) 2023-07-30 07:46:18 +02:00
recaptcha Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
references Use correct captured group range when parsing cross-reference (#22672) 2023-01-31 10:08:05 +01:00
regexplru Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repository Remove stars when repo goes private (#19904) 2023-06-05 13:25:43 +00:00
secret Improve decryption failure message (#24573) 2023-05-07 19:29:43 +08:00
session Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
setting Use secure cookie for HTTPS sites (#26999) (#27013) 2023-09-20 12:50:46 +02:00
sitemap Fix sitemap (#22272) 2022-12-30 23:31:00 +08:00
ssh Fix admin queue page title and fix CI failures (#26409) (#26421) 2023-08-21 07:22:18 +02:00
storage Use correct minio error (#26634) (#26639) 2023-09-08 08:07:19 +02:00
structs Add branch_filter to hooks API endpoints (#26599) (#26632) 2023-09-08 08:07:19 +02:00
svg Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
sync Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
system Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
templates Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
test [TESTS] MockVariable temporarily replaces a global value 2023-08-21 07:22:17 +02:00
testlogger Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
timeutil Fix incorrect webhook time and use relative-time to display it (#24477) 2023-05-03 19:53:43 -04:00
translation Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
turnstile Add new captcha: cloudflare turnstile (#22369) 2023-02-05 15:29:03 +08:00
typesniffer Detect ogg mime-type as audio or video (#26494) (#26505) 2023-08-21 07:26:43 +02:00
updatechecker [PRIVACY] Add a DNS method to fetch new updates 2023-07-17 00:24:23 +02:00
upload Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
uri Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
util Replace interface{} with any (#25686) (#25687) 2023-07-04 23:41:32 -04:00
validation check blocklist for emails when adding them to account (#26812) (#26831) 2023-09-08 08:09:18 +02:00
web Fix incorrect router logger (#26137) (#26143) 2023-07-26 13:49:15 +02:00
webhook [BRANDING] define the forgejo webhook type 2023-08-21 07:22:16 +02:00