git.vger.kernel.org archive mirror
From: Jeff King <peff@peff.net>
To: "Yi, EungJun" <semtlenori@gmail.com>
Cc: git@vger.kernel.org
Subject: Re: More detailed error message for 403 forbidden.
Date: Thu, 28 Mar 2013 14:36:01 -0400
Message-ID: <20130328183601.GA11914@sigill.intra.peff.net>
In-Reply-To: <CAFT+Tg_PwAS__AYCwQQZjy4LVvAMZFJuJ+ediDJpRnxx73qMMg@mail.gmail.com>

On Wed, Mar 27, 2013 at 12:29:57PM +0900, Yi, EungJun wrote:

> Currently, if user tried to access a git repository via HTTP and it
> fails because the user's permission is not enough to access the
> repository, git client tells that http request failed and the error
> was 403 forbidden.

The situations in which you'll get a 403 depend on how the server is
configured. For instance, on github.com, if you successfully
authenticate but are not authorized to access a repository, you get a
404 (we do this to avoid leaking information about which private
repositories exist). But we do provide a 403 if you try to access the
repository with a non-smart-http client.

So the "403 forbidden" there is not about your account, but about the
method; if git is going to give a more verbose message, it needs to be
careful not to mislead the user.

> It would be much better if git client shows response body which might
> include an explanation of the failure. For example,
> [...]
> $ git clone http://localhost/foo/bar
> error: The requested URL returned error: 403 while accessing
> http://localhost/foo/bar
> remote: User 'me' does not have enough permission to access the repository.
> fatal: HTTP request failed

I agree that is the best way forward, as that means the server is
telling us what is going on, and we are not guessing about the meaning
of the 403.

One problem is that the content body sent along with the error is not
necessarily appropriate for showing to the user (e.g., if it is HTML, it
is probably not a good idea to show it on the terminal). So I think we
would want to only show it when the server has indicated via the
content-type that the message is meant to be shown to the user. I'm
thinking the server would generate something like:

   HTTP/1.1 403 Forbidden
   Content-type: application/x-git-error-message

   User 'me' does not have enough permission to access the repository.

which would produce the example you showed above.

-Peff
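
Added example (not part of the original message, and not git's code): the client-side check proposed above, in C, which shows the error body only when the Content-Type is application/x-git-error-message. The function names are hypothetical, and replacing control bytes before printing is an added assumption about what is safe to write to a terminal.

```c
#include <ctype.h>
#include <string.h>

/* Media type proposed in the message above, lowercase for matching. */
static const char error_type[] = "application/x-git-error-message";

/* 1 if the Content-Type value is error_type, ignoring case, surrounding
 * blanks and any ";param=..." suffix; 0 otherwise (e.g. text/html). */
int is_user_message(const char *ct)
{
    size_t i, n = sizeof(error_type) - 1;
    if (!ct) return 0;
    while (*ct == ' ' || *ct == '\t')
        ct++;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)ct[i]) != error_type[i])
            return 0; /* also stops at a short string's NUL */
    for (ct += n; *ct == ' ' || *ct == '\t'; ct++)
        ;
    return *ct == '\0' || *ct == ';';
}

/* Copy body into out as "remote: "-prefixed lines, only when the server
 * marked it user-facing. CR is dropped; other ASCII control bytes except
 * tab and newline (ESC included) become '?'. Truncates to fit outlen.
 * Returns bytes written (0 when the body is suppressed). */
size_t format_remote_error(const char *ct, const char *body,
                           char *out, size_t outlen)
{
    static const char prefix[] = "remote: ";
    size_t w = 0, plen = sizeof(prefix) - 1;
    int bol = 1; /* at the beginning of an output line */
    if (!out || !outlen) return 0;
    if (is_user_message(ct) && body) {
        for (; *body && w + 1 < outlen; body++) {
            unsigned char c = (unsigned char)*body;
            if (c == '\r') continue;
            if (bol) {
                if (w + plen + 1 >= outlen) break;
                memcpy(out + w, prefix, plen);
                w += plen;
            }
            bol = (c == '\n');
            int ctl = (c < 0x20 && c != '\t' && c != '\n') || c == 0x7f;
            out[w++] = ctl ? '?' : (char)c;
        }
    }
    out[w] = '\0';
    return w;
}
```

Bytes at or above 0x80 pass through unchanged so UTF-8 text survives; a terminal that honours 8-bit C1 controls would need those filtered after decoding.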
