Skip to content

Fix setting of SameSite on cookies #15989

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 27, 2021
Merged

Fix setting of SameSite on cookies #15989

merged 2 commits into from
May 27, 2021

Conversation

@zeripath
Copy link
Contributor

@zeripath zeripath commented May 26, 2021

Fix #15972

Signed-off-by: Andrew Thornton [email protected]

@zeripath zeripath added this to the 1.15.0 milestone May 26, 2021
noerw
noerw approved these changes May 26, 2021
View reviewed changes
Copy link
Member

@noerw noerw left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👀

@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label May 26, 2021
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 27, 2021
@codecov-commenter
Copy link

codecov-commenter commented May 27, 2021

Codecov Report

Merging #15989 (7998966) into main (568fe8c) will increase coverage by 0.01%.
The diff coverage is 66.66%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main   #15989      +/-   ##
==========================================
+ Coverage   44.03%   44.05%   +0.01%     
==========================================
  Files         682      682              
  Lines       82408    82408              
==========================================
+ Hits        36285    36301      +16     
+ Misses      40219    40208      -11     
+ Partials     5904     5899       -5
Impacted Files Coverage Δ
modules/web/middleware/cookie.go 64.65% <66.66%> (+7.75%) ⬆️
modules/queue/queue_channel.go 95.00% <0.00%> (-1.67%) ⬇️
modules/log/file.go 73.80% <0.00%> (-1.59%) ⬇️
modules/log/event.go 58.96% <0.00%> (-0.95%) ⬇️
modules/queue/unique_queue_disk_channel.go 48.63% <0.00%> (+1.36%) ⬆️
services/pull/patch.go 55.93% <0.00%> (+1.69%) ⬆️
services/pull/check.go 28.76% <0.00%> (+2.73%) ⬆️
services/pull/temp_repo.go 29.78% <0.00%> (+3.19%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 568fe8c...7998966. Read the comment docs.

@techknowlogick techknowlogick merged commit 6d39053 into go-gitea:main May 27, 2021
techknowlogick added a commit to techknowlogick/gitea that referenced this pull request May 27, 2021
@zeripath @techknowlogick
Fix setting of SameSite on cookies (go-gitea#15989)
31535a3 
Fix go-gitea#15972

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>
@techknowlogick techknowlogick added the backport/done All backports for this PR have been created label May 27, 2021
@techknowlogick
Copy link
Member

techknowlogick commented May 27, 2021

backport created: #15991

techknowlogick added a commit that referenced this pull request May 27, 2021
@techknowlogick @zeripath @lunny
Fix setting of SameSite on cookies (#15989) (#15991)
3a79f11 
Fix #15972

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>

Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
@zeripath zeripath deleted the fix-samesite-bug branch May 27, 2021 16:17
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jun 18, 2021
AbdulrhmnGhanem pushed a commit to kitspace/gitea that referenced this pull request Aug 10, 2021
@zeripath @techknowlogick @AbdulrhmnGhanem
Fix setting of SameSite on cookies (go-gitea#15989)
e7f57df 
Fix go-gitea#15972

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: techknowlogick <[email protected]>
@go-gitea go-gitea locked and limited conversation to collaborators Oct 19, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@techknowlogick techknowlogick techknowlogick approved these changes

+1 more reviewer

@noerw noerw noerw approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport/done All backports for this PR have been created lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug

Projects

None yet

Milestone

1.15.0

Development

Successfully merging this pull request may close these issues.

SameSite cookie option applies only to _csrf cookie

5 participants

@zeripath @codecov-commenter @techknowlogick @noerw @GiteaBot