forked from gitea/gitea
Set type="password" on all auth_token fields (#22175)
Set `type="password"` on all `auth_token` fields Seen when migrating from other hosting platforms. 1. Prevents exposing the token to screen capture/cameras/eyeballs. 2. Prevents the browser from saving the value in its autocomplete dictionary, which often is not secure. ![exposed auth token](https://user-images.githubusercontent.com/615684/208541005-e2c9c6b0-3c6c-4a56-95d9-357b987aa0c8.png) Closes #22174 --------- Signed-off-by: Dan Church <amphetamachine@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
This commit is contained in:
parent
b3e849d1d6
commit
67da4c1b25
|
@ -20,7 +20,7 @@
|
|||
|
||||
<div class="inline field {{if .Err_Auth}}error{{end}}">
|
||||
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
|
||||
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
|
||||
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
|
||||
<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
<div class="inline field {{if .Err_Auth}}error{{end}}">
|
||||
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
|
||||
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
|
||||
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
|
||||
<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a>
|
||||
<span class="help">
|
||||
{{.locale.Tr "repo.migrate.github_token_desc"}}
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
<div class="inline field {{if .Err_Auth}}error{{end}}">
|
||||
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
|
||||
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
|
||||
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}>
|
||||
<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a>
|
||||
</div>
|
||||
|
||||
|
|
|
@ -20,7 +20,7 @@
|
|||
|
||||
<div class="inline field {{if .Err_Auth}}error{{end}}">
|
||||
<label for="auth_token">{{.locale.Tr "access_token"}}</label>
|
||||
<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
|
||||
<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}>
|
||||
<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> -->
|
||||
</div>
|
||||
|
||||
|
|
Loading…
Reference in New Issue