This repository has been archived on 2023-02-01. You can view files and clone it, but cannot push or open issues or pull requests.
gitea/routers/user
zeripath e9c4609410 Do not display the raw OpenID error in the UI (#5705) (#5712)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-13 08:05:20 -05:00
..
setting Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) 2018-08-14 23:16:37 +03:00
auth.go Block registration based on email domain (#5157) 2018-11-14 20:00:04 -05:00
auth_openid.go Do not display the raw OpenID error in the UI (#5705) (#5712) 2019-01-13 08:05:20 -05:00
home.go Improve performance of dashboard (#4977) 2018-12-13 10:55:43 -05:00
home_test.go hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
main_test.go Unit tests for wiki routers (#3022) 2017-11-30 17:52:15 +02:00
notification.go Handle refactor (#3339) 2018-01-10 23:34:17 +02:00
profile.go User action heatmap (#5131) 2018-10-23 10:57:42 +08:00