	Set type="password" on all auth_token fields (#22175)
Set `type="password"` on all `auth_token` fields Seen when migrating from other hosting platforms. 1. Prevents exposing the token to screen capture/cameras/eyeballs. 2. Prevents the browser from saving the value in its autocomplete dictionary, which often is not secure.  Closes #22174 --------- Signed-off-by: Dan Church <amphetamachine@gmail.com> Co-authored-by: silverwind <me@silverwind.io>
		| @ -20,7 +20,7 @@ | |||||||
|  |  | ||||||
| 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | ||||||
| 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | ||||||
| 						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}> | 						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}> | ||||||
| 						<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> | 						<a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> | ||||||
| 					</div> | 					</div> | ||||||
|  |  | ||||||
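Review bot: The changed `<input>` still carries `value="{{.auth_token}}"`, so whenever `.auth_token` is non-empty the token is written back into the response HTML. `type="password"` masks it on screen only; it stays readable in the page source and the DOM. The handler is not visible here, but this presumably happens when the form is re-rendered after a validation error. Consider not echoing the secret at all, i.e. `<input id="auth_token" name="auth_token" type="password" autocomplete="new-password">`, and having the user re-enter the token. The `{{if not .auth_token}} data-need-clear="true" {{end}}` condition would need re-checking if the value is dropped. The same line appears in the three other template sections of this commit, and each enclosing form starts and ends outside its hunk.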
|  | |||||||
| @ -20,7 +20,7 @@ | |||||||
|  |  | ||||||
| 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | ||||||
| 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | ||||||
| 						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}> | 						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}> | ||||||
| 						<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a> | 						<a target="_blank" href="https://docs.github.com/en/github/authenticating-to-github/creating-a-personal-access-token">{{svg "octicon-question"}}</a> | ||||||
| 						<span class="help"> | 						<span class="help"> | ||||||
| 						{{.locale.Tr "repo.migrate.github_token_desc"}} | 						{{.locale.Tr "repo.migrate.github_token_desc"}} | ||||||
|  | |||||||
| @ -20,7 +20,7 @@ | |||||||
|  |  | ||||||
| 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | ||||||
| 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | ||||||
| 						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}> | 						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}}data-need-clear="true"{{end}}> | ||||||
| 						<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a> | 						<a target="_blank" href="https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html">{{svg "octicon-question"}}</a> | ||||||
| 					</div> | 					</div> | ||||||
|  |  | ||||||
|  | |||||||
| @ -20,7 +20,7 @@ | |||||||
|  |  | ||||||
| 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | 					<div class="inline field {{if .Err_Auth}}error{{end}}"> | ||||||
| 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | 						<label for="auth_token">{{.locale.Tr "access_token"}}</label> | ||||||
| 						<input id="auth_token" name="auth_token" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}> | 						<input id="auth_token" name="auth_token" type="password" autocomplete="new-password" value="{{.auth_token}}" {{if not .auth_token}} data-need-clear="true" {{end}}> | ||||||
| 						<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> --> | 						<!-- <a target="_blank" href="https://docs.gitea.io/en-us/api-usage">{{svg "octicon-question"}}</a> --> | ||||||
| 					</div> | 					</div> | ||||||
|  |  | ||||||
|  | |||||||
	 Dan Church
					Dan Church