mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-05-31 11:52:10 +00:00
fix: consider HEAD requests to be pulls (#6750)
Previously an anonymous GET request to e.g. https://codeberg.org/forgejo/forgejo/HEAD was allowed, as GET requests are considered pulls and those don't need authentication for a public repository, but a HEAD request to the same URL was rejected with a 401. Since the result of a HEAD request is a subset of the result of a GET request it is safe to allow HEAD as well. This isn't really a practical issue for Forgejo itself, but I have encountered this in https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo/issues/40. Since the fix isn't git-annex specific I am proposing it here. ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [X] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] I do not want this change to show in the release notes. - [ ] I want the title to show in the release notes with a link to this pull request. - [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6750 Reviewed-by: Michael Kriese <michael.kriese@gmx.de> Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Matthias Riße <m.risse@fz-juelich.de> Co-committed-by: Matthias Riße <m.risse@fz-juelich.de>
This commit is contained in:
Matthias Riße
Earl Warren
parent
5961db5aa7
commit
7f4f3434ec
2 changed files with 136 additions and 1 deletions
|
|
@ -78,7 +78,7 @@ func httpBase(ctx *context.Context) *serviceHandler {
|
|||
strings.HasSuffix(ctx.Req.URL.Path, "git-upload-archive") {
|
||||
isPull = true
|
||||
} else {
|
||||
isPull = ctx.Req.Method == "GET"
|
||||
isPull = ctx.Req.Method == "GET" || ctx.Req.Method == "HEAD"
|
||||
}
|
||||
|
||||
var accessMode perm.AccessMode
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue