[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Authz on Collection of Repositories

From: Lieven Govaerts <lgo_at_mobsol.be>
Date: Mon, 5 Nov 2012 14:01:36 +0100

On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard <markphip_at_gmail.com> wrote:
> On Nov 5, 2012, at 3:11 AM, Branko Čibej <brane_at_wandisco.com> wrote:
>> On 05.11.2012 00:21, Thomas Åkesson wrote:
>>> I did some tests with curl --head just as a sanity check. It seems to be a good choice for access control. I primarily wanted to see that HEAD requests were not allowed in situations where GET is not (e.g. when user has access in directories below).
>>> The HEAD requests I performed (minimal curl command) did not cause the server to provide Content-Length when returning "200 OK".
>> Which is precisely what I was talking about in my other post. Such HEAD
>> responses are invalid. If we implement HEAD, we have to do it correctly.
>> -- Brane
> I thought that Serf already issues HEAD requests? Not sure about Neon.
No it doesn't, serf only sends the requests provided by svn. (except
when setting up an ssl tunnel, but that's not relevant here).

Received on 2012-11-05 14:02:30 CET

This is an archived mail posted to the Subversion Dev mailing list.