tailscale/client/web
Patrick O'Doherty a05924a9e5
client/web: add Sec-Fetch-Site CSRF protection (#16046)
RELNOTE=Fix CSRF errors in the client Web UI

Replace gorilla/csrf with a Sec-Fetch-Site based CSRF protection
middleware that falls back to comparing the Host & Origin headers if no
SFS value is passed by the client.

Add an -origin override to the web CLI that allows callers to specify
the origin at which the web UI will be available if it is hosted behind
a reverse proxy or within another application via CGI.

Updates #14872
Updates #15065

Signed-off-by: Patrick O'Doherty <patrick@tailscale.com>
2025-05-22 12:26:02 -07:00
build client/web: precompress assets 2023-12-07 20:57:31 -05:00
src client/web: add Sec-Fetch-Site CSRF protection (#16046) 2025-05-22 12:26:02 -07:00
assets.go client/web: only add cache header for assets 2023-12-12 15:51:22 -05:00
auth.go all: use Go 1.22 range-over-int 2024-04-16 15:32:38 -07:00
index.html client/web: use CSP hash for inline javascript 2023-12-11 20:22:56 -08:00
package.json node.rev: bump to latest 22.x LTS release (#15652) 2025-04-15 16:51:21 -06:00
qnap.go client/web: add readonly/manage toggle 2023-11-10 15:01:34 -05:00
styles.json client/web: adjust colors and some UI margins 2023-12-01 15:41:57 -05:00
synology.go client/web: add readonly/manage toggle 2023-11-10 15:01:34 -05:00
tailwind.config.js client/web: fix Vite CJS deprecation warning (#11288) 2024-02-28 16:28:22 -05:00
tsconfig.json client/web: update vite and vitest to latest versions (#11200) 2024-02-23 14:50:41 -07:00
vite.config.ts client/web: update vite and vitest to latest versions (#11200) 2024-02-23 14:50:41 -07:00
web_test.go client/web: add Sec-Fetch-Site CSRF protection (#16046) 2025-05-22 12:26:02 -07:00
web.go client/web: add Sec-Fetch-Site CSRF protection (#16046) 2025-05-22 12:26:02 -07:00
yarn.lock node.rev: bump to latest 22.x LTS release (#15652) 2025-04-15 16:51:21 -06:00