forgejo-backport-action e1e3f6eefa [v11.0/forgejo] fix: validate CSRF on non-safe methods (#9081) ... **Backport:** https://codeberg.org/forgejo/forgejo/pulls/9071 All PUT/DELETE routes in the web UI are validated to prevent a [cross site request forgery](https://en.wikipedia.org/wiki/Cross-site_request_forgery). Although all POST routes are validated with a CSRF token, some of the PUT/DELETE routes were missing this validation. <!--start release-notes-assistant--> ## Release notes <!--URL:https://codeberg.org/forgejo/forgejo--> - Security bug fixes - [PR](https://codeberg.org/forgejo/forgejo/pulls/9071): <!--number 9071 --><!--line 0 --><!--description dmFsaWRhdGUgQ1NSRiBvbiBub24tc2FmZSBtZXRob2Rz-->validate CSRF on non-safe methods<!--description--> <!--end release-notes-assistant--> Co-authored-by: Gusted <postmaster@gusted.xyz> Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9081 Reviewed-by: 0ko <0ko@noreply.codeberg.org> Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org> Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>		2025-08-30 18:58:18 +02:00
..
e2e	[v11.0/forgejo] chore: disable E2E test for webkit (#8614)	2025-07-22 21:07:48 +02:00
fuzz	[v11.0/forgejo] chore: branding import path (#7354)	2025-03-27 20:13:05 +00:00
gitea-lfs-meta	Test views of LFS files (#22196)	2022-12-23 07:41:56 +08:00
gitea-repositories-meta	[v11.0/forgejo] chore: branding import path (#7354)	2025-03-27 20:13:05 +00:00
integration	[v11.0/forgejo] fix: validate CSRF on non-safe methods (#9081)	2025-08-30 18:58:18 +02:00
testdata/data	Add artifacts test fixture (#30300)	2024-11-05 09:33:15 +01:00
mysql.ini.tmpl	chore: improve slow tests	2024-11-14 12:41:11 +01:00
pgsql.ini.tmpl	chore: improve slow tests	2024-11-14 12:41:11 +01:00
sqlite.ini.tmpl	test: use memory for integration and journal for migration	2024-11-14 15:38:06 +01:00
test_utils.go	[v11.0/forgejo] chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7649)	2025-04-25 09:59:30 +00:00