Re: Authz on Collection of Repositories

From: Ivan Zhakov <ivan_at_visualsvn.com>
Date: Mon, 5 Nov 2012 16:15:07 +0400

On Mon, Nov 5, 2012 at 12:11 PM, Branko Čibej <brane_at_wandisco.com> wrote:
> On 05.11.2012 00:21, Thomas Åkesson wrote:
>> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
>>
>> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".
>
> Which is precisely what I was talking about in my other post. Such HEAD
> responses are invalid. If we implement HEAD, we have to do it correctly.
>
I believe we use chunked responses and I assume they do not require
Content-Length header.

-- 
Ivan Zhakov

Received on 2012-11-05 13:16:00 CET

This message: [ Message body ]
Next message: Stefan Fuhrmann: "Re: svn commit: r1404159 - /subversion/trunk/subversion/libsvn_subr/named_atomic.c"
Previous message: Philip Martin: "Re: svn commit: r1405441 - /subversion/branches/compressed-pristines/subversion/libsvn_wc/wc_db_pristine.c"
In reply to: Branko Čibej: "Re: Authz on Collection of Repositories"
Next in thread: Lieven Govaerts: "Re: Authz on Collection of Repositories"
Reply: Lieven Govaerts: "Re: Authz on Collection of Repositories"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]