summaryrefslogtreecommitdiff
path: root/t/t5812-proto-disable-http.sh
diff options
context:
space:
mode:
authorLibravatar Jeff King <peff@peff.net>2017-02-25 14:18:31 -0500
committerLibravatar Junio C Hamano <gitster@pobox.com>2017-02-27 10:35:24 -0800
commit40a18fc77ca3ba1b018f0fbdcbdf4a6d237aadf3 (patch)
treec446b4b2a675bbb08c31f8fd2ec1bf08b537d6c2 /t/t5812-proto-disable-http.sh
parenthttp: restrict auth methods to what the server advertises (diff)
downloadtgif-40a18fc77ca3ba1b018f0fbdcbdf4a6d237aadf3.tar.xz
http: add an "auto" mode for http.emptyauth
This variable needs to be specified to make some types of non-basic authentication work, but ideally this would just work out of the box for everyone. However, simply setting it to "1" by default introduces an extra round-trip for cases where it _isn't_ useful. We end up sending a bogus empty credential that the server rejects. Instead, let's introduce an automatic mode, that works like this: 1. We won't try to send the bogus credential on the first request. We'll wait to get an HTTP 401, as usual. 2. After seeing an HTTP 401, the empty-auth hack will kick in only when we know there is an auth method available that might make use of it (i.e., something besides "Basic" or "Digest"). That should make it work out of the box, without incurring any extra round-trips for people hitting Basic-only servers. This _does_ incur an extra round-trip if you really want to use "Basic" but your server advertises other methods (the emptyauth hack will kick in but fail, and then Git will actually ask for a password). The auto mode may incur an extra round-trip over setting http.emptyauth=true, because part of the emptyauth hack is to feed this blank password to curl even before we've made a single request. Helped-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 't/t5812-proto-disable-http.sh')
0 files changed, 0 insertions, 0 deletions