gitea/opengist
0
0
Fork 0
mirror of https://github.com/thomiceli/opengist.git synced 2025-07-09 17:38:04 +02:00
Code Issues Packages Projects Releases Wiki Activity

Remove CSRF check for Git HTTP packs (#408)

Browse Source
This commit is contained in:
Thomas Miceli
2025-01-20 03:18:28 +01:00
committed by GitHub
parent a752e0561d
commit 662f553d37
2 changed files with 14 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
internal/web/server/middlewares.go
View File

@ -17,6 +17,7 @@ import (
"html/template"
"net/http"
"path/filepath"
"regexp"
"strings"
"time"
)
@ -61,7 +62,15 @@ func (s *Server) registerMiddlewares() {
Skipper: func(ctx echo.Context) bool {
/* skip CSRF for embeds */
gistName := ctx.Param("gistname")
return filepath.Ext(gistName) == ".js"
/* skip CSRF for git clients */
matchUploadPack, _ := regexp.MatchString("(.*?)/git-upload-pack$", ctx.Request().URL.Path)
matchReceivePack, _ := regexp.MatchString("(.*?)/git-receive-pack$", ctx.Request().URL.Path)
return filepath.Ext(gistName) == ".js" || matchUploadPack || matchReceivePack
},
ErrorHandler: func(err error, c echo.Context) error {
log.Info().Err(err).Msg("CSRF error")
return err
},
}))
s.echo.Use(Middleware(csrfInit).toEcho())