Brad Fitzpatrick 8bd04bdd3a go.mod: bump gorilla/csrf for security fix (#14822) ... For 9dd6af1f6d Update client/web and safeweb to correctly signal to the csrf middleware whether the request is being served over TLS. This determines whether Origin and Referer header checks are strictly enforced. The gorilla library previously did not enforce these checks due to a logic bug based on erroneous use of the net/http.Request API. The patch to fix this also inverts the library behavior to presume that every request is being served over TLS, necessitating these changes. Updates tailscale/corp#25340 Signed-off-by: Patrick O'Doherty <patrick@tailscale.com> Co-authored-by: Patrick O'Doherty <patrick@tailscale.com>		2025-01-29 12:44:01 -08:00
..
build	client/web: precompress assets	2023-12-07 20:57:31 -05:00
src	client/web: remove advanced options from web client login (#14770)	2025-01-24 16:29:58 -07:00
assets.go	client/web: only add cache header for assets	2023-12-12 15:51:22 -05:00
auth.go	all: use Go 1.22 range-over-int	2024-04-16 15:32:38 -07:00
index.html	client/web: use CSP hash for inline javascript	2023-12-11 20:22:56 -08:00
package.json	{tool,client}: bump node version (#12840)	2024-07-18 13:12:42 -06:00
qnap.go	client/web: add readonly/manage toggle	2023-11-10 15:01:34 -05:00
styles.json	client/web: adjust colors and some UI margins	2023-12-01 15:41:57 -05:00
synology.go	client/web: add readonly/manage toggle	2023-11-10 15:01:34 -05:00
tailwind.config.js	client/web: fix Vite CJS deprecation warning (#11288)	2024-02-28 16:28:22 -05:00
tsconfig.json	client/web: update vite and vitest to latest versions (#11200)	2024-02-23 14:50:41 -07:00
vite.config.ts	client/web: update vite and vitest to latest versions (#11200)	2024-02-23 14:50:41 -07:00
web_test.go	client/web: use grants on web UI frontend	2024-02-26 12:59:37 -05:00
web.go	go.mod: bump gorilla/csrf for security fix (#14822)	2025-01-29 12:44:01 -08:00
yarn.lock	build(deps): bump ws from 8.14.2 to 8.17.1 in /client/web (#12524)	2024-09-10 12:39:40 -06:00