tailscale/client/web
Patrick O'Doherty f5522e62d1
client/web: fix CSRF handler order in web UI (#15143)

Fix the order of the CSRF handlers (HTTP plaintext context setting,
_then_ enforcement) in the construction of the web UI server. This
resolves false-positive "invalid Origin" 403 exceptions when attempting
to update settings in the web UI.

Add unit test to exercise the CSRF protection failure and success cases
for our web UI configuration.

Updates #14822
Updates #14872

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-02-27 11:58:45 -08:00
build client/web: precompress assets 2023-12-07 20:57:31 -05:00
src client/web: remove advanced options from web client login (#14770) 2025-01-24 16:29:58 -07:00
assets.go client/web: only add cache header for assets 2023-12-12 15:51:22 -05:00
auth.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
index.html client/web: use CSP hash for inline javascript 2023-12-11 20:22:56 -08:00
package.json {tool,client}: bump node version (#12840) 2024-07-18 13:12:42 -06:00
qnap.go client/web: add readonly/manage toggle 2023-11-10 15:01:34 -05:00
styles.json client/web: adjust colors and some UI margins 2023-12-01 15:41:57 -05:00
synology.go client/web: add readonly/manage toggle 2023-11-10 15:01:34 -05:00
tailwind.config.js client/web: fix Vite CJS deprecation warning (#11288) 2024-02-28 16:28:22 -05:00
tsconfig.json client/web: update vite and vitest to latest versions (#11200) 2024-02-23 14:50:41 -07:00
vite.config.ts client/web: update vite and vitest to latest versions (#11200) 2024-02-23 14:50:41 -07:00
web_test.go client/web: fix CSRF handler order in web UI (#15143) 2025-02-27 11:58:45 -08:00
web.go client/web: fix CSRF handler order in web UI (#15143) 2025-02-27 11:58:45 -08:00
yarn.lock build(deps): bump ws from 8.14.2 to 8.17.1 in /client/web (#12524) 2024-09-10 12:39:40 -06:00