From 19c5642971d6538b9eea9b8a4f4a3d1ad1f2e619 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Sun, 3 Mar 2024 08:54:33 +0800 Subject: [PATCH] Fix incorrect cookie path for AppSubURL (#29534) (#29552) Backport #29534 Regression of #24107 Co-authored-by: wxiaoguang (cherry picked from commit 5ca2971ccbc8769f7e6ee41c125db47f818e7599) --- modules/setting/session.go | 7 +++++-- routers/common/middleware.go | 1 + 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/setting/session.go b/modules/setting/session.go index 664c66f869..e9637fdfc5 100644 --- a/modules/setting/session.go +++ b/modules/setting/session.go @@ -21,7 +21,7 @@ var SessionConfig = struct { ProviderConfig string // Cookie name to save session ID. Default is "MacaronSession". CookieName string - // Cookie path to store. Default is "/". HINT: there was a bug, the old value doesn't have trailing slash, and could be empty "". + // Cookie path to store. Default is "/". CookiePath string // GC interval time in seconds. Default is 3600. Gclifetime int64 @@ -49,7 +49,10 @@ func loadSessionFrom(rootCfg ConfigProvider) { SessionConfig.ProviderConfig = path.Join(AppWorkPath, SessionConfig.ProviderConfig) } SessionConfig.CookieName = sec.Key("COOKIE_NAME").MustString("i_like_gitea") - SessionConfig.CookiePath = AppSubURL + "/" // there was a bug, old code only set CookePath=AppSubURL, no trailing slash + SessionConfig.CookiePath = AppSubURL + if SessionConfig.CookiePath == "" { + SessionConfig.CookiePath = "/" + } SessionConfig.Secure = sec.Key("COOKIE_SECURE").MustBool(strings.HasPrefix(strings.ToLower(AppURL), "https://")) SessionConfig.Gclifetime = sec.Key("GC_INTERVAL_TIME").MustInt64(86400) SessionConfig.Maxlifetime = sec.Key("SESSION_LIFE_TIME").MustInt64(86400) diff --git a/routers/common/middleware.go b/routers/common/middleware.go index 8a39dda179..d8616c7eab 100644 --- a/routers/common/middleware.go +++ b/routers/common/middleware.go @@ -38,6 +38,7 @@ func ProtocolMiddlewares() (handlers []any) { }) }) + // wrap the request and response, use the process context and add it to the process manager handlers = append(handlers, func(next http.Handler) http.Handler { return http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) { ctx, _, finished := process.GetManager().AddTypedContext(req.Context(), fmt.Sprintf("%s: %s", req.Method, req.RequestURI), process.RequestProcessType, true)