Patrick O'Doherty f5522e62d1

client/web: fix CSRF handler order in web UI (#15143) ...

Fix the order of the CSRF handlers (HTTP plaintext context setting,
_then_ enforcement) in the construction of the web UI server. This
resolves false-positive "invalid Origin" 403 exceptions when attempting
to update settings in the web UI.

Add unit test to exercise the CSRF protection failure and success cases
for our web UI configuration.

Updates #14822
Updates #14872

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>

2025-02-27 11:58:45 -08:00

..

build

client/web: precompress assets

2023-12-07 20:57:31 -05:00

src

client/web: remove advanced options from web client login (#14770)

2025-01-24 16:29:58 -07:00

assets.go

client/web: only add cache header for assets

2023-12-12 15:51:22 -05:00

auth.go

all: use Go 1.22 range-over-int

2024-04-16 15:32:38 -07:00

index.html

client/web: use CSP hash for inline javascript

2023-12-11 20:22:56 -08:00

package.json

{tool,client}: bump node version (#12840)

2024-07-18 13:12:42 -06:00

qnap.go

client/web: add readonly/manage toggle

2023-11-10 15:01:34 -05:00

styles.json

client/web: adjust colors and some UI margins

2023-12-01 15:41:57 -05:00

synology.go

client/web: add readonly/manage toggle

2023-11-10 15:01:34 -05:00

tailwind.config.js

client/web: fix Vite CJS deprecation warning (#11288)

2024-02-28 16:28:22 -05:00

tsconfig.json

client/web: update vite and vitest to latest versions (#11200)

2024-02-23 14:50:41 -07:00

vite.config.ts

client/web: update vite and vitest to latest versions (#11200)

2024-02-23 14:50:41 -07:00

web_test.go

client/web: fix CSRF handler order in web UI (#15143)

2025-02-27 11:58:45 -08:00

web.go

client/web: fix CSRF handler order in web UI (#15143)

2025-02-27 11:58:45 -08:00

yarn.lock

build(deps): bump ws from 8.14.2 to 8.17.1 in /client/web (#12524)

2024-09-10 12:39:40 -06:00