[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories

From: Mark Phippard <markphip_at_gmail.com>
Date: Mon, 5 Nov 2012 06:02:57 -0500

On Nov 5, 2012, at 3:11 AM, Branko Čibej <brane_at_wandisco.com> wrote:

> On 05.11.2012 00:21, Thomas Åkesson wrote:
>> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
>>
>> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".
>
> Which is precisely what I was talking about in my other post. Such HEAD
> responses are invalid. If we implement HEAD, we have to do it correctly.
>
> -- Brane

I thought that Serf already issues HEAD requests? Not sure about Neon.

Mark
Received on 2012-11-05 12:03:38 CET

This is an archived mail posted to the Subversion Dev mailing list.