gitea/context at 427954ba6ed3a553f75eb1d01fb2f4597e3eda1c - gitea - Gitea

Mirrors/gitea

mirror of https://github.com/go-gitea/gitea.git synced 2026-02-23 21:33:19 +01:00

History

silverwind 5f8e19fcef

Move X_FRAME_OPTIONS setting from cors to security section (#30256 )

## Summary

- Move `cors.X_FRAME_OPTIONS` to `security.X_FRAME_OPTIONS` (old
location still works with a deprecation warning)
- Support `"unset"` as a special value to remove the `X-Frame-Options`
header entirely
- Remove `X-Frame-Options` header from API responses (only set for
web/HTML responses)

## Migration

If you had customized `cors.X_FRAME_OPTIONS`, move it to the
`[security]` section. The old location is deprecated and will be removed
in a future release.

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

2026-02-22 20:26:46 +00:00

..

various fixes (#36697 )

2026-02-22 08:01:43 +01:00

access_log_test.go

Address some CodeQL security concerns (#35572 )

2025-10-04 01:21:26 +08:00

access_log.go

Address some CodeQL security concerns (#35572 )

2025-10-04 01:21:26 +08:00

api_org.go

…

api_test.go

Enable testifylint rules (#34075 )

2025-03-31 01:53:48 -04:00

api.go

Move X_FRAME_OPTIONS setting from cors to security section (#30256 )

2026-02-22 20:26:46 +00:00

base_form.go

Add workflow_run api + webhook (#33964 )

2025-06-20 20:14:00 +08:00

base_path.go

Address some CodeQL security concerns (#35572 )

2025-10-04 01:21:26 +08:00

base_test.go

Enable addtional linters (#34085 )

2025-04-01 10:14:01 +00:00

base.go

Fix link/origin referrer and login redirect (#36279 )

2026-01-03 11:43:04 +08:00

captcha.go

fix: Improve image captcha contrast for dark mode (#36265 )

2026-01-24 05:41:51 +00:00

context_cookie.go

Replace CSRF cookie with CrossOriginProtection (#36183 )

2025-12-25 12:33:34 +02:00

context_model.go

Refactor context repository (#33202 )

2025-01-12 03:39:46 +00:00

context_request.go

…

context_response.go

Check user visibility when redirecting to a renamed user (#36148 )

2025-12-14 03:14:18 +01:00

context_template.go

Support selecting theme on the footer (#35741 )

2025-10-28 18:25:00 +08:00

context_test.go

…

context.go

Move X_FRAME_OPTIONS setting from cors to security section (#30256 )

2026-02-22 20:26:46 +00:00

org.go

Fix OrgAssignment opts (#36174 )

2025-12-17 17:19:22 +08:00

package.go

Refactor template render (#36438 )

2026-01-24 05:11:49 +00:00

pagination_test.go

Fix notifications pagination query parameters (#36351 )

2026-01-12 22:17:42 +00:00

pagination.go

Fix notifications pagination query parameters (#36351 )

2026-01-12 22:17:42 +00:00

permission.go

Run gopls modernize on codebase (#34751 )

2025-06-18 01:48:09 +00:00

private.go

Fix SSH LFS timeout (#34838 )

2025-06-24 15:49:31 +00:00

repo.go

Allow configuring default PR base branch (fixes #36412 ) (#36425 )

2026-02-07 01:34:29 +00:00

response.go

Remove duplicate "ResponseWriter.Status" method (#33346 )

2025-01-22 06:37:52 +00:00

user.go

Check user visibility when redirecting to a renamed user (#36148 )

2025-12-14 03:14:18 +01:00

utils.go

…