docs/config: mention protocol implications of url.insteadOf

If a URL rewrite switches the protocol to something
nonstandard (like "persistent-https" for "https"), the user
may be bitten by the fact that the default protocol
restrictions are different between the two. Let's drop a
note in insteadOf that points the user in the right
direction.

It would be nice if we could make this work out of the box,
but we can't without knowing the security implications of
the user's rewrite. Only the documentation for a particular
remote helper can advise one way or the other. Since we do
include the persistent-https helper in contrib/ (and since
it was the helper in the real-world case that inspired that
patch), let's also drop a note there.

Suggested-by: Elliott Cable <me@ell.io>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Jeff King 2017-05-31 01:18:04 -04:00 committed by Junio C Hamano
parent b06d364310
commit 2c9a2ae285
2 changed files with 17 additions and 0 deletions

View File

@ -3208,6 +3208,13 @@ url.<base>.insteadOf::
the best alternative for the particular user, even for a
never-before-seen repository on the site. When more than one
insteadOf strings match a given URL, the longest match is used.
+
Note that any protocol restrictions will be applied to the rewritten
URL. If the rewrite changes the URL to use a custom protocol or remote
helper, you may need to adjust the `protocol.*.allow` config to permit
the request. In particular, protocols you expect to use for submodules
must be set to `always` rather than the default of `user`. See the
description of `protocol.allow` above.
url.<base>.pushInsteadOf::
Any URL that starts with this value will not be pushed to;

View File

@ -35,6 +35,16 @@ to use persistent-https:
[url "persistent-http"]
insteadof = http
You may also want to allow the use of the persistent-https helper for
submodule URLs (since any https URLs pointing to submodules will be
rewritten, and Git's out-of-the-box defaults forbid submodules from
using unknown remote helpers):
[protocol "persistent-https"]
allow = always
[protocol "persistent-http"]
allow = always
#####################################################################
# BUILDING FROM SOURCE