davrot/forgejo_backup
1
0
Fork 0
mirror of https://codeberg.org/davrot/forgejo.git synced 2025-05-24 00:00:02 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Port "Use general token signing secret"

Browse source 
Port of https://github.com/go-gitea/gitea/pull/29205

Use a clearly defined "signing secret" for token signing.

(cherry picked from commit 8be198cdef0a486f417663b1fd6878458d7e5d92)
This commit is contained in:
wxiaoguang 2024-02-19 01:39:04 +08:00 committed by Gusted
parent cfd6420a0e
commit 62d3e5255f
No known key found for this signature in database
GPG key ID: FD821B732837125F
13 changed files with 131 additions and 61 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/context/context.go
View file

@ -6,6 +6,7 @@ package context
import (
"context"
"encoding/hex"
"fmt"
"html/template"
"io"
@ -124,7 +125,7 @@ func NewWebContext(base *Base, render Render, session session.Store) *Context {
func Contexter() func(next http.Handler) http.Handler {
rnd := templates.HTMLRenderer()
csrfOpts := CsrfOptions{
Secret: setting.SecretKey,
Secret: hex.EncodeToString(setting.GetGeneralTokenSigningSecret()),
Cookie: setting.CSRFCookieName,
SetCookie: true,
Secure: setting.SessionConfig.Secure,