Recognize authenticated Gitea browser sessions without weakening per-user prompt isolation

Hop-State: A_06FNB6HTKZAXH2SX1G8AB0R
Hop-Proposal: R_06FNB6HA40Y1E1T39G6YJHG
Hop-Task: T_06FNB5TE4DHAVABVH82WBN8
Hop-Attempt: AT_06FNB5TE4FW7MD6KTFYP3EG
This commit is contained in:
2026-07-12 02:13:18 -07:00
committed by Hop
parent 12c806c77f
commit 96cd6823b2
3 changed files with 104 additions and 25 deletions
+5
View File
@@ -32,6 +32,11 @@ plane, preserving the browser's Gitea session cookie. This lets the Prompts
view check the viewer's repository access before returning potentially
sensitive prompt text.
The control plane verifies the browser session through Gitea's protected web
settings route, then uses `GITEA_API_TOKEN` to resolve the server-rendered login
to Gitea's immutable user ID. Gitea's `/api/v1/user` endpoint is token-only and
must not be used to validate browser sessions.
For nginx, the control-plane location should precede the Gitea catch-all:
```nginx