mirrors/tailscale
1
0
Fork 0
mirror of https://github.com/tailscale/tailscale.git synced 2025-08-10 08:07:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
k8s_priority_class
tailscale/client/web/src
History
Patrick O'Doherty a05924a9e5
client/web: add Sec-Fetch-Site CSRF protection (#16046) 
RELNOTE=Fix CSRF errors in the client Web UI

Replace gorilla/csrf with a Sec-Fetch-Site based CSRF protection
middleware that falls back to comparing the Host & Origin headers if no
SFS value is passed by the client.

Add an -origin override to the web CLI that allows callers to specify
the origin at which the web UI will be available if it is hosted behind
a reverse proxy or within another application via CGI.

Updates #14872
Updates #15065

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-05-22 12:26:02 -07:00
..
assets client/web: add copyable components throughout UI 2023-12-05 16:52:19 -05:00
components client/web: remove advanced options from web client login (#14770) 2025-01-24 16:29:58 -07:00
hooks client/web: use grants on web UI frontend 2024-02-26 12:59:37 -05:00
ui client/web: update vite-plugin-svgr to latest version (#11197) 2024-02-22 13:16:44 -07:00
utils client/web: use grants on web UI frontend 2024-02-26 12:59:37 -05:00
api.ts client/web: add Sec-Fetch-Site CSRF protection (#16046) 2025-05-22 12:26:02 -07:00
index.css client/web: small UI cleanups 2023-12-08 12:45:09 -05:00
index.tsx client/web: start using swr for some fetching 2023-12-06 21:20:13 -05:00
types.ts client/web: add visual indication for exit node pending approval (#10532) 2023-12-11 13:40:29 -07:00