]> Cypherpunks repositories - gostls13.git/commit
projects / gostls13.git / commit
summary | shortlog | log | commit | commitdiff | tree
(parent: cdd8cf4) | patch
[release-branch.go1.25] net/http: require exact match for CrossSiteProtection bypass...
authorFilippo Valsorda <filippo@golang.org>
Tue, 26 Aug 2025 20:52:39 +0000 (16:52 -0400)
committerCherry Mui <cherryyz@google.com>
Wed, 27 Aug 2025 15:45:05 +0000 (08:45 -0700)
commitb1959cf6f7673eaffa89bbdb00e68b30cde3aa8a
tree63750dc2d178f2438b32de70112a18cacb69d7dftree
parentcdd8cf4988c7c0f2bb8eb795f74c4f803c63a70dcommit | diff
[release-branch.go1.25] net/http: require exact match for CrossSiteProtection bypass patterns

Fixes #75160
Updates #75054
Fixes CVE-2025-47910

Change-Id: I6a6a696440c45c450d2cd681f418b01aa0422a60
Reviewed-on: https://go-review.googlesource.com/c/go/+/699276
Reviewed-by: Roland Shoemaker <roland@golang.org>
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
src/net/http/csrf.go diff | blob | history
src/net/http/csrf_test.go diff | blob | history
Go GOST TLS 1.3