Refactor CSRF protector (#32057)

Remove unused CSRF options, decouple "new csrf protector" and "prepare" logic, do not redirect to home page if CSRF validation falis (it shouldn't happen in daily usage, if it happens, redirecting to home doesn't help either but just makes the problem more complex for "fetch") (cherry picked from commit 1fede04b83288d8a91304a83b7601699bb5cba04) Conflicts: options/locale/locale_en-US.ini tests/integration/repo_branch_test.go trivial context conflicts
2024-09-18 15:17:25 +08:00 · 2024-09-18 15:17:25 +08:00 · 1ae3b127fc
commit 1ae3b127fc
parent 1bdf334844
7 changed files with 71 additions and 171 deletions
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -132,6 +132,8 @@ func webAuth(authMethod auth_service.Method) func(*context.Context) {
 			// ensure the session uid is deleted
 			_ = ctx.Session.Delete("uid")
 		}
+
+		ctx.Csrf.PrepareForSessionUser(ctx)
 	}
 }