diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:31 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-12-19 14:45:32 -0800 |
commit | 8a2882f23ecce3a8742743555a408e508d4db806 (patch) | |
tree | 3e543652bc74d5401d6c3858410ad434ae02451a /http.h | |
parent | 73e494f86239b7edcf44f4c185c997b05c0e763b (diff) | |
parent | cb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e (diff) |
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs that the end user does not intend to, especially with the server side redirects and http-alternates mechanism, which can lead to security issues. Tighten the redirection and make it more obvious to the end user when it happens. * jk/http-walker-limit-redirect-2.9: http: treat http-alternates like redirects http: make redirects more obvious remote-curl: rename shadowed options variable http: always update the base URL for redirects http: simplify update_url_from_redirect
Diffstat (limited to 'http.h')
-rw-r--r-- | http.h | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/http.h b/http.h index 5ab9d9c329..02bccb7b0c 100644 --- a/http.h +++ b/http.h @@ -116,6 +116,13 @@ extern struct credential http_auth; extern char curl_errorstr[CURL_ERROR_SIZE]; +enum http_follow_config { + HTTP_FOLLOW_NONE, + HTTP_FOLLOW_ALWAYS, + HTTP_FOLLOW_INITIAL +}; +extern enum http_follow_config http_follow_config; + static inline int missing__target(int code, int result) { return /* file:// URL -- do we ever use one??? */ @@ -139,7 +146,8 @@ extern char *get_remote_object_url(const char *url, const char *hex, /* Options for http_get_*() */ struct http_get_options { unsigned no_cache:1, - keep_error:1; + keep_error:1, + initial_request:1; /* If non-NULL, returns the content-type of the response. */ struct strbuf *content_type; |