Cypherpunks repositories - gostls13.git/commit
net/http: require exact match for CrossSiteProtection bypass patterns
author Filippo Valsorda <filippo@golang.org>
Tue, 26 Aug 2025 20:52:39 +0000 (16:52 -0400)
committer Gopher Robot <gobot@golang.org>
Wed, 27 Aug 2025 15:03:34 +0000 (08:03 -0700)
commit b21867b1a2a8e276257e3cb81f4a1dc7e8f9e2cd
tree 370e71cf26dab0ef6e1b636116f4db6cc9d1520f
parent d19e377f6ea3b84e94d309894419f2995e7b56bd
net/http: require exact match for CrossSiteProtection bypass patterns

Fixes #75054
Fixes CVE-2025-47910

Change-Id: I6a6a696440c45c450d2cd681f418b01aa0422a60
Reviewed-on: https://go-review.googlesource.com/c/go/+/699275
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Carlos Amedee <carlos@golang.org>
src/net/http/csrf.go
src/net/http/csrf_test.go