mirror of
https://github.com/go-gitea/gitea.git
synced 2026-03-12 17:04:21 +01:00
42d294941c
Removes the CSRF cookie in favor of [`CrossOriginProtection`](https://pkg.go.dev/net/http#CrossOriginProtection) which relies purely on HTTP headers. Fixes: https://github.com/go-gitea/gitea/issues/11188 Fixes: https://github.com/go-gitea/gitea/issues/30333 Helps: https://github.com/go-gitea/gitea/issues/35107 TODOs: - [x] Fix tests - [ ] Ideally add tests to validates the protection --------- Signed-off-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
39 lines
1.4 KiB
Handlebars
39 lines
1.4 KiB
Handlebars
{{template "base/head" .}}
|
|
<div role="main" aria-label="{{.Title}}" class="page-content user forgot password">
|
|
<div class="ui middle very relaxed page grid">
|
|
<div class="column">
|
|
<form class="ui form ignore-dirty" action="{{.Link}}" method="post">
|
|
<h2 class="ui top attached header">
|
|
{{ctx.Locale.Tr "auth.forgot_password_title"}}
|
|
</h2>
|
|
<div class="ui attached segment">
|
|
{{template "base/alert" .}}
|
|
{{if .IsResetSent}}
|
|
<p>{{ctx.Locale.Tr "auth.reset_password_mail_sent_prompt" .Email .ResetPwdCodeLives}}</p>
|
|
{{else if .IsResetRequest}}
|
|
<div class="required field {{if .Err_Email}}error{{end}}">
|
|
<label for="email">{{ctx.Locale.Tr "email"}}</label>
|
|
<input id="email" name="email" type="email" value="{{.Email}}" autofocus required>
|
|
</div>
|
|
<div class="divider"></div>
|
|
<div class="inline field">
|
|
<button class="ui primary button">{{ctx.Locale.Tr "auth.send_reset_mail"}}</button>
|
|
</div>
|
|
{{else if .IsResetDisable}}
|
|
<p class="center">
|
|
{{if $.IsAdmin}}
|
|
{{ctx.Locale.Tr "auth.disable_forgot_password_mail_admin"}}
|
|
{{else}}
|
|
{{ctx.Locale.Tr "auth.disable_forgot_password_mail"}}
|
|
{{end}}
|
|
</p>
|
|
{{else if .ResendLimited}}
|
|
<p class="center">{{ctx.Locale.Tr "auth.resent_limit_prompt"}}</p>
|
|
{{end}}
|
|
</div>
|
|
</form>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
{{template "base/footer" .}}
|