From: "Jakub Narębski" <jnareb@gmail.com>
To: Jeff King <peff@peff.net>
Cc: Magnus Therning <magnus@therning.org>, git@vger.kernel.org
Subject: Re: git-http-backend: anonymous read, authenticated write
Date: Wed, 10 Apr 2013 23:30:59 +0200 [thread overview]
Message-ID: <5165DA13.8010100@gmail.com> (raw)
In-Reply-To: <20130409171247.GD21972@sigill.intra.peff.net>
Jeff King wrote:
> On Tue, Apr 09, 2013 at 07:45:53AM +0200, Magnus Therning wrote:
>> % git push
>> error: The requested URL returned error: 403 Forbidden while accessing
>>
http://magnus@tracsrv.local/git/foo.git/info/refs?service=git-receive-pack
>
> Something in your config is blocking access to info/refs there. It
> should not be the block shown above, which handles only the actual POST
> of the data. The sequence of http requests made is:
>
> 1. GET $repo/info/refs?service=git-receive-pack
>
> This makes initial contact and gets the ref information which push
> uses to decide what it is going to push. So it is read-only, and in
> an anonymous-read setup, does not need to be protected.
Yes, it doesn't need to be protected, but *git-receive-pack* requires
(or required) valid user even for above GET request for getting refs.
> 2. POST $repo/git-receive-pack
>
> This actually pushes up the objects and updates the refs, and
> must be protected.
>
> The setup listed above does work with apache; it is tested as part of
> our test suite (you can see the actual config in t/lib-httpd/apache.conf).
> So what in lighttpd is giving us the 403? Can you share your whole
> config?
I think I have seen a patch on git mailing list to correct this, but
I am not sure.
Are you sure that we test this correctly?
--
Jakub Narębski
next prev parent reply other threads:[~2013-04-10 21:31 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-09 5:45 git-http-backend: anonymous read, authenticated write Magnus Therning
2013-04-09 12:24 ` Jakub Narębski
2013-04-10 20:53 ` Magnus Therning
2013-04-09 17:12 ` Jeff King
2013-04-10 20:45 ` Magnus Therning
2013-04-10 21:53 ` Jeff King
2013-04-10 21:30 ` Jakub Narębski [this message]
2013-04-10 21:47 ` Jeff King
2013-04-10 23:19 ` Magnus Therning
2013-04-11 1:56 ` Jeff King
2013-04-11 3:30 ` [PATCH 0/2] http-backend documentation examples Jeff King
2013-04-11 3:32 ` [PATCH 1/2] doc/http-backend: clarify "half-auth" repo configuration Jeff King
2013-04-11 6:57 ` Magnus Therning
2013-04-11 3:36 ` [PATCH 2/2] doc/http-backend: give some lighttpd config examples Jeff King
2013-04-11 16:47 ` Jakub Narębski
2013-04-11 17:02 ` Jeff King
2013-04-11 18:27 ` Jakub Narębski
2013-04-13 3:33 ` [PATCH 3/2] doc/http-backend: match query-string in apache half-auth example Jeff King
2013-04-13 8:52 ` Jakub Narębski
2013-04-11 6:52 ` git-http-backend: anonymous read, authenticated write Magnus Therning
2013-04-11 19:34 ` Jeff King
2013-04-12 7:22 ` Magnus Therning
2013-04-11 16:43 ` Jakub Narębski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5165DA13.8010100@gmail.com \
--to=jnareb@gmail.com \
--cc=git@vger.kernel.org \
--cc=magnus@therning.org \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).