From: Jeff King <peff@peff.net>
To: Nicolas Mailhot <nicolas.mailhot@laposte.net>
Cc: git@vger.kernel.org
Subject: Re: Handle HTTP error 511 Network Authentication Required (standard secure proxy authentification/captive portal detection)
Date: Mon, 20 Feb 2012 14:15:00 -0500 [thread overview]
Message-ID: <20120220191500.GA29228@sigill.intra.peff.net> (raw)
In-Reply-To: <cb81840f853a1d43a7da03ea24c86445.squirrel@arekh.dyndns.org>
On Mon, Feb 20, 2012 at 07:27:08PM +0100, Nicolas Mailhot wrote:
> Step 3 is a quite less obvious on a corporate network, where Internet access
> is gated by a filtering proxy, that will let some sites pass transparently but
> require credentials to let you access others. Worst case, there are several
> load-balanced gateways on different physical sites (to avoid spofs in case of
> planes falling on the wrong place), that do not share authentication (because
> propagating auth across physical sites is hard). So no, just launching a
> browser is not sufficient to find the captive portal, you need to actually
> access the URL returned by error 511 in meta information. Git should at
> minimum report this URL.
>
> (and no this is not an hypothetical scenario and yes there are git users
> trying to pass the gateways there)
This is exactly the sort of information I wanted to get from a
real-world scenario. From your initial messages, it sounded like a
purely hypothetical thing.
I think a good first step would be improving the error message for a
511, then. Unfortunately, it seems from the rfc draft you sent that
callers are expected to parse the link out of the HTML given in the body
of the response. It seems silly that there is not a Location field
associated with a 511, similar to redirects.
-Peff
next prev parent reply other threads:[~2012-02-20 19:15 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-02-19 21:03 Handle HTTP error 511 Network Authentication Required (standard secure proxy authentification/captive portal detection) Nicolas Mailhot
2012-02-20 1:06 ` Jeff King
2012-02-20 5:38 ` Nicolas Mailhot
2012-02-20 13:56 ` Jeff King
2012-02-20 15:34 ` Nicolas Mailhot
2012-02-20 15:44 ` Jeff King
2012-02-20 18:27 ` Nicolas Mailhot
2012-02-20 19:15 ` Jeff King [this message]
2012-02-20 19:24 ` Nicolas Mailhot
2012-02-20 19:30 ` Jeff King
2012-02-20 19:51 ` Nicolas Mailhot
2012-02-20 19:06 ` Daniel Stenberg
2012-02-20 19:09 ` Jeff King
2012-02-20 20:16 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120220191500.GA29228@sigill.intra.peff.net \
--to=peff@peff.net \
--cc=git@vger.kernel.org \
--cc=nicolas.mailhot@laposte.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).