[PATCH] httprepo: long arguments support (issue2126)
Matt Mackall
mpm at selenic.com
Sun Mar 27 10:12:50 CDT 2011
On Sun, 2011-03-27 at 17:21 +0800, Steven Brown wrote:
> On 21 March 2011 22:54, Laurens Holst <laurens.nospam at grauw.nl> wrote:
> > Op 21-03-11 08:30, Dirkjan Ochtman schreef:
> >>
> >> On Mon, Mar 21, 2011 at 02:39, Matt Mackall<mpm at selenic.com> wrote:
> >>>
> >>> Let's try to get more discussion on whether POST is acceptable and
> >>> anyone is using POST filtering.
> >>
> >> AFAICT restricting push access by filtering out POST requests is a
> >> fairly common setup.
> >
> > Yes I do that too, it was the setup described on the wiki. And fairly
> > convenient I must say (and properly RESTful :)).
> >
> > ~Laurens
> >
>
> It would still be possible to authenticate on push like this:
>
> RewriteEngine on
> RewriteCond %{QUERY_STRING} cmd=unbundle
> RewriteRule .* - [E=hg_auth:1]
>
> <Location /hg>
> Order Allow,Deny
> Allow from env=!hg_auth
> AuthType Basic
> AuthName "Mercurial repositories"
> AuthUserFile /home/user/hg/hgusers
> Require valid-user
> Satisfy Any
> </Location>
>
> This new configuration will also work for existing servers, without
> upgrading Mercurial. So it could be added to the Wiki as soon as this
> patch is accepted, and POST filtering could be deprecated.
>
> For existing servers using POST filtering:
> - Make a one-time change to the Apache configuration.
We try to avoid this sort of thing, it's hugely painful for upgrading.
If a change is invasive enough that you're likely to notice it right
after upgrading and curse, then it's too invasive.
So if people today are depending on the GET/POST distinction, then we
need to exhaust all our other options first.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial-devel
mailing list