Lunny Xiao 9b4da56963 Remove ReverseProxy authentication from the API (#22219) (#22251) ... backport from #22219 Since we changed the /api/v1/ routes to disallow session authentication we also removed their reliance on CSRF. However, we left the ReverseProxy authentication here - but this means that POSTs to the API are no longer protected by CSRF. Now, ReverseProxy authentication is a kind of session authentication, and is therefore inconsistent with the removal of session from the API. This PR proposes that we simply remove the ReverseProxy authentication from the API and therefore users of the API must explicitly use tokens or basic authentication. Replace #22077 Close #22221 Close #22077 Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>		2022-12-27 20:24:43 +01:00
..
api	Remove ReverseProxy authentication from the API (#22219) (#22251)	2022-12-27 20:24:43 +01:00
common	Add support for HEAD requests in Maven registry (#21834) (#21929)	2022-11-25 13:46:28 +02:00
install	Fix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)	2022-11-03 20:54:25 +00:00
private	Refactor git command arguments and make all arguments to be safe to be used (#21535)	2022-10-23 22:44:45 +08:00
utils	refactor webhook *NewPost (#20729)	2022-08-11 17:48:23 +02:00
web	Ensure that plain files are rendered correctly even when containing ambiguous characters (#22017) (#22160)	2022-12-19 23:51:21 +08:00
init.go	Sync git hooks when config file path changed (#21619) (#21626)	2022-10-30 11:17:11 +08:00