1
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-04 14:46:57 -05:00
gitea/routers/api/v1
zeripath 83640c449e
Remove ReverseProxy authentication from the API (#22219)
Since we changed the /api/v1/ routes to disallow session authentication
we also removed their reliance on CSRF. However, we left the
ReverseProxy authentication here - but this means that POSTs to the API
are no longer protected by CSRF.

Now, ReverseProxy authentication is a kind of session authentication,
and is therefore inconsistent with the removal of session from the API.

This PR proposes that we simply remove the ReverseProxy authentication
from the API and therefore users of the API must explicitly use tokens
or basic authentication.

Replace #22077
Close #22221 
Close #22077 

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-12-27 08:34:05 +08:00
..
activitypub Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
admin Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
misc Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
notify Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
org refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
packages Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
repo Allow empty assignees on pull request edit (#22150) 2022-12-21 16:45:44 -06:00
settings Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
swagger Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
user refactor some functions to support ctx as first parameter (#21878) 2022-12-03 10:48:26 +08:00
utils Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
api.go Remove ReverseProxy authentication from the API (#22219) 2022-12-27 08:34:05 +08:00
auth_windows.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
auth.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00