Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent security failure due to bad APP_ID (#18678) #18682

Merged
merged 2 commits into from
Feb 10, 2022
Merged

Prevent security failure due to bad APP_ID (#18678) #18682

merged 2 commits into from
Feb 10, 2022

Commits on Feb 9, 2022

  1. Prevent security failure due to bad APP_ID (go-gitea#18678) 

    Backport go-gitea#18678

WebAuthn may cause a security exception if the provided APP_ID is not allowed for the
current origin. Therefore we should reattempt authentication without the appid
extension.

Also we should allow [u2f] as-well as [U2F] sections.

Signed-off-by: Andrew Thornton <[email protected]>

Co-authored-by: Lunny Xiao <[email protected]>
    @zeripath @lunny
    zeripath and lunny committed Feb 9, 2022
    Configuration menu
    Copy the full SHA
    63004e4 View commit details
    Browse the repository at this point in the history

Commits on Feb 10, 2022

  1. Merge branch 'release/v1.16' into backport-18678-v1.16

    @lunny
    lunny authored Feb 10, 2022
    Configuration menu
    Copy the full SHA
    985f3b2 View commit details
    Browse the repository at this point in the history