Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent security failure due to bad APP_ID (#18678) #18682

Merged
merged 2 commits into from
Feb 10, 2022
Merged

Prevent security failure due to bad APP_ID (#18678) #18682

merged 2 commits into from
Feb 10, 2022

Conversation

zeripath
Copy link
Contributor

@zeripath zeripath commented Feb 9, 2022

Backport #18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton art27@cantab.net

@zeripath @lunny
Prevent security failure due to bad APP_ID (go-gitea#18678)
63004e4 
Backport go-gitea#18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
@zeripath zeripath added this to the 1.16.2 milestone Feb 9, 2022
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Feb 9, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Feb 10, 2022
@6543
Copy link
Member

6543 commented Feb 10, 2022

🚀

@6543 6543 merged commit 2e317d3 into go-gitea:release/v1.16 Feb 10, 2022
@zeripath zeripath deleted the backport-18678-v1.16 branch February 10, 2022 17:19
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Gusted Gusted Gusted approved these changes

@silverwind silverwind silverwind approved these changes

Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.16.2
Development

Successfully merging this pull request may close these issues.
6 participants
@zeripath @6543 @silverwind @Gusted @GiteaBot @lunny