From: Brandon Williams <bmwill@google.com>
To: Jeff King <peff@peff.net>
Cc: git@vger.kernel.org, Jann Horn <jannh@google.com>
Subject: Re: [PATCH 5/6] http: treat http-alternates like redirects
Date: Thu, 1 Dec 2016 15:02:23 -0800
Message-ID: <20161201230223.GI54082@google.com>
In-Reply-To: <20161201090432.wtcu2jpacwcf6a4a@sigill.intra.peff.net>

On 12/01, Jeff King wrote:
>   - set CURLOPT_PROTOCOLS alongside CURLOPT_REDIR_PROTOCOLS
>     to restrict ourselves to a known-safe set and respect any
>     user-provided whitelist.

> diff --git a/http.c b/http.c
> index 825118481..051fe6e5a 100644
> --- a/http.c
> +++ b/http.c
> @@ -745,6 +745,7 @@ static CURL *get_curl_handle(void)
>  	if (is_transport_allowed("ftps"))
>  		allowed_protocols |= CURLPROTO_FTPS;
>  	curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS, allowed_protocols);
> +	curl_easy_setopt(result, CURLOPT_PROTOCOLS, allowed_protocols);
>  #else
>  	if (transport_restrict_protocols())
>  		warning("protocol restrictions not applied to curl redirects because\n"
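
Review bot: the warning in the `#else` branch at the end of this hunk still says only "protocol restrictions not applied to curl redirects", but now that CURLOPT_PROTOCOLS is set next to CURLOPT_REDIR_PROTOCOLS in the `#if` branch, a build that takes the `#else` path does not get this restriction on the initial request either. Consider rewording the warning so it covers both the initial request and redirects. Separately, the return values of both curl_easy_setopt() calls are ignored; if a failure to apply the `allowed_protocols` mask should not pass silently, check them.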

Because I don't know much about how curl works... Only
http/https/ftp/ftps protocols are allowed to be passed to curl?  Is that
because curl only understands those particular protocols?

-- 
Brandon Williams
