a768a02265
Add a from_user parameter to is_transport_allowed() to allow http to be able to distinguish between protocol restrictions for redirects versus initial requests. CURLOPT_REDIR_PROTOCOLS can now be set differently from CURLOPT_PROTOCOLS to disallow use of protocols with the "user" policy in redirects. This change allows callers to query if a transport protocol is allowed, given that the caller knows that the protocol is coming from the user (1) or not from the user (0) such as redirects in libcurl. If unknown a -1 should be provided which falls back to reading `GIT_PROTOCOL_FROM_USER` to determine if the protocol came from the user. Signed-off-by: Brandon Williams <bmwill@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
42 lines
1.1 KiB
Bash
Executable File
42 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
|
|
|
|
test_description='test disabling of git-over-http in clone/fetch'
|
|
. ./test-lib.sh
|
|
. "$TEST_DIRECTORY/lib-proto-disable.sh"
|
|
. "$TEST_DIRECTORY/lib-httpd.sh"
|
|
start_httpd
|
|
|
|
test_expect_success 'create git-accessible repo' '
|
|
bare="$HTTPD_DOCUMENT_ROOT_PATH/repo.git" &&
|
|
test_commit one &&
|
|
git --bare init "$bare" &&
|
|
git push "$bare" HEAD &&
|
|
git -C "$bare" config http.receivepack true
|
|
'
|
|
|
|
test_proto "smart http" http "$HTTPD_URL/smart/repo.git"
|
|
|
|
test_expect_success 'curl redirects respect whitelist' '
|
|
test_must_fail env GIT_ALLOW_PROTOCOL=http:https \
|
|
GIT_SMART_HTTP=0 \
|
|
git clone "$HTTPD_URL/ftp-redir/repo.git" 2>stderr &&
|
|
{
|
|
test_i18ngrep "ftp.*disabled" stderr ||
|
|
test_i18ngrep "your curl version is too old"
|
|
}
|
|
'
|
|
|
|
test_expect_success 'curl limits redirects' '
|
|
test_must_fail git clone "$HTTPD_URL/loop-redir/smart/repo.git"
|
|
'
|
|
|
|
test_expect_success 'http can be limited to from-user' '
|
|
git -c protocol.http.allow=user \
|
|
clone "$HTTPD_URL/smart/repo.git" plain.git &&
|
|
test_must_fail git -c protocol.http.allow=user \
|
|
clone "$HTTPD_URL/smart-redir-perm/repo.git" redir.git
|
|
'
|
|
|
|
stop_httpd
|
|
test_done
|