git-commit-vandalism/t/lib-httpd
Shawn Pearce 4656bf47fc Verify Content-Type from smart HTTP servers
Before parsing a suspected smart-HTTP response verify the returned
Content-Type matches the standard. This protects a client from
attempting to process a payload that smells like a smart-HTTP
server response.

JGit has been doing this check on all responses since the dawn of
time. I mistakenly failed to include it in git-core when smart HTTP
was introduced. At the time I didn't know how to get the Content-Type
from libcurl. I punted, meant to circle back and fix this, and just
plain forgot about it.

Signed-off-by: Shawn Pearce <spearce@spearce.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-02-04 10:22:36 -08:00
..
apache.conf Verify Content-Type from smart HTTP servers 2013-02-04 10:22:36 -08:00
broken-smart-http.sh Verify Content-Type from smart HTTP servers 2013-02-04 10:22:36 -08:00
passwd t5550: test HTTP authentication and userinfo decoding 2010-11-17 13:07:43 -08:00
ssl.cnf