Re: Authz on Collection of Repositories

From: Branko ÄŒibej <brane_at_wandisco.com>
Date: Mon, 05 Nov 2012 09:11:50 +0100

On 05.11.2012 00:21, Thomas Ã…kesson wrote:
> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
>
> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".

Which is precisely what I was talking about in my other post. Such HEAD
responses are invalid. If we implement HEAD, we have to do it correctly.

-- Brane
Received on 2012-11-05 09:12:28 CET

This message: [ Message body ]
Next message: Prabhu Gnana Sundar: "Re: [PATCH] Implement svnadmin verify --force"
Previous message: Johan Corveleyn: "Hanging tests mergeinfo-test.exe 12, 15 and skel-test.exe 4 on WinXP with VS2010 release build"
In reply to: Thomas Åkesson: "Re: Authz on Collection of Repositories"
Next in thread: Mark Phippard: "Re: Authz on Collection of Repositories"
Reply: Mark Phippard: "Re: Authz on Collection of Repositories"
Reply: Ivan Zhakov: "Re: Authz on Collection of Repositories"
Reply: Thomas Åkesson: "Re: Authz on Collection of Repositories"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]