211 Commits

Author SHA1 Message Date
zh199225
110261778e Always set a default value "/" for Cookie "Path"
When the URL is end with "/", and the parameter "Path" of SetCookie() Function is "", the "Path" of cookie that set in browser will not be the default value "/"., I think it's incorrect. When the URL is not end with "/", it's correct.
2022-04-29 16:43:04 +08:00
jianzhiyao
978b7e4a9d rename package name & fix bug 2022-04-27 23:05:08 +08:00
Ming Deng
4ea052602a Making XSRFSecure and XSRFHttpOnly Configurable 2021-01-19 23:00:31 +08:00
Ming Deng
1dffa20435 make stmt cache smaller 2020-10-10 21:35:58 +08:00
Ming Deng
a0d1c42dac XSRF add secure and http only flag 2020-08-03 21:04:33 +08:00
playHing
3e2c795410 Rlock for form query 2020-07-15 20:44:59 +08:00
playHing
55e6298f29 Fix concurrent form parsing and getting 2020-07-15 20:44:59 +08:00
playHing
b50fb44950 Add bench test on context input query 2020-07-15 20:44:59 +08:00
Ming Deng
6c0db4db3d Using HTMLEscapeString in adminui.go to avoid XSS attack 2020-06-19 21:49:17 +08:00
Ming Deng
86935ada01
Merge pull request #3943 from zhlicen/master
#3942 fix encoded url(with slash) router match problem
2020-06-18 16:04:16 +08:00
HANG ZHOU
0aa82d875a
Update input.go 2020-03-05 14:46:17 +00:00
BurtonQin
cfdd1cd5be cache, context, session: add lock to fix inconsistent field protection 2020-02-10 21:49:46 +08:00
wang yan
a768bf8f00 update hash algorithm for signing the cookie for xsrf token
Due to the chosen-prefix collision in SHA-1(details at https://sha-mbles.github.io/), SHA-1 hash functions should to be deprecated and SHA-2/SHA-3 should be used instead.

Signed-off-by: wang yan <wangyan@vmware.com>
2020-02-06 17:31:24 +08:00
Wenkai Yin
793047097c Abort with the pre-defined status code when handling XSRF error
As the status codes(422 and 417) are set in the error map, abort with them directly to active the pre-defined error handlers

Signed-off-by: Wenkai Yin <yinw@vmware.com>
2019-11-19 18:55:54 +08:00
Wusuluren
b17e49e6aa fix concurrent map access problem on BeegoInput.data 2019-06-09 22:09:38 +08:00
JessonChan
1c893996c0 improve the download func code 2019-01-23 12:36:14 +08:00
JessonChan
a9ffc2a078 https://github.com/astaxie/beego/issues/3446
Use UTF-8 as the encoding of the "filename*" parameter, when
                           present, because at least one existing implementation only
                           implements that encoding.
2019-01-23 12:30:57 +08:00
wanghui
b021686521
Add .Elapsed in context.ResponseWriter for monitor purpose
With this commit we can record per requests's elapsed time,
so we can easy to monitor that by use a filter.
2018-11-19 16:38:14 +08:00
Ruben Cid
755cc98ef7 Fix content type 2018-08-21 12:32:16 +02:00
Ruben Cid
5c407ff2e3 Add map shortcut and ServeFormatted method in output 2018-08-20 22:55:50 +02:00
Ruben Cid
48e6658eca Add access to pusher 2018-08-03 12:33:46 +02:00
astaxie
5ba9e63086
Merge branch 'develop' into feature/YAML 2018-07-20 23:24:51 +08:00
astaxie
67d9241abc
Merge pull request #3171 from whomm/master
debug stringsToJSON
2018-06-23 22:50:11 +08:00
astaxie
d3d97de312
Merge pull request #3200 from openset/master
Update: use PathEscape replace QueryEscape
2018-06-12 22:45:14 +08:00
Sandy
bf915c3280
Update: use PathEscape replace QueryEscape
If filename contain space(" "), QueryEscape use "+" instead.
2018-06-12 16:15:20 +08:00
Ruben Cid
7c80bf6f9d Add YAML 2018-05-30 16:06:40 +02:00
whomm
e96ae0c24a debug stringsToJSON
json char: \u four-hex-digits number(http://json.org/)
2018-05-21 15:18:18 +08:00
astaxie
e96a5fb3ca
Merge pull request #3115 from m4grio/minor-typo
Amend a very minor typo in a variable name
2018-04-20 19:26:42 +08:00
Mario Álvarez
5fb29cb772
Amend a very minor typo in a variable name 2018-04-10 12:19:50 +08:00
Pritesh Gudge
aac69674ad
Update Documentation in Output.go
Fix Documentation for HTTP status codes descriptions.
2017-12-21 13:50:28 +05:30
astaxie
c56704f3fd Merge branch 'master' into develop 2017-10-14 17:53:40 +08:00
LI Daobing
9b57566963 fix typo 2017-10-11 14:35:31 +08:00
astaxie
a7354d2d08 Revert "should use time.Since instead of time.Now().Sub" 2017-09-09 06:29:38 +08:00
wangguoliang
c8c25549e7 should use time.Since instead of time.Now().Sub
Signed-off-by: wgliang <liangcszzu@163.com>
2017-09-07 19:01:34 +08:00
mlgd
166e88c103 Update input.go 2017-08-09 21:05:06 +02:00
mlgd
51b6adeb24 Add IPV6 compatibility 2017-08-09 10:23:03 +02:00
MiskoLee
29bcd31b27 supported gzip for req.Header has Content-Encoding: gzip 2017-07-10 21:27:54 +08:00
astaxie
7ec819deed fix #2725 big form 2017-07-04 21:16:59 +08:00
eyalpost
8b504e7d51 incorrect error rendering (wrong status) 2017-06-12 21:05:40 +03:00
Eyal Post
11b4bf8aaa move to context 2017-05-18 10:38:12 +03:00
Eyal Post
2513bcf584 remove Redirect to avoid confusion 2017-05-18 10:32:51 +03:00
Eyal Post
3e51823c0f move response 2017-05-18 09:05:49 +03:00
Eyal Post
e32a18203b fix gosimple 2017-05-17 21:27:32 +03:00
Eyal Post
828cbbdf5d Refactor a bit to consolidate packages 2017-05-17 20:38:59 +03:00
Eyal Post
d54cd4fa5f Merge remote-tracking branch 'upstream/develop' into develop 2017-05-17 20:02:40 +03:00
eyalpost
1004678005 popular status codes 2017-05-12 09:57:56 +03:00
eyalpost
0ac2e47162 location=>paramType 2017-05-12 09:28:46 +03:00
eyalpost
b6a35a8944 more tests 2017-05-12 09:25:12 +03:00
Eyal Post
74dc3c7500 tests 2017-05-11 19:32:44 +03:00
Eyal Post
cb4f252a06 defValue -> defaultValue 2017-05-11 17:58:25 +03:00