1 HTTP transfer protocols
2 =======================
4 Git supports two HTTP based transfer protocols. A "dumb" protocol
5 which requires only a standard HTTP server on the server end of the
6 connection, and a "smart" protocol which requires a Git aware CGI
7 (or server module). This document describes both protocols.
9 As a design feature smart clients can automatically upgrade "dumb"
10 protocol URLs to smart URLs. This permits all users to have the
11 same published URL, and the peers automatically select the most
12 efficient transport available to them.
18 URLs for Git repositories accessed by HTTP use the standard HTTP
19 URL syntax documented by RFC 1738, so they are of the form:
21 http://<host>:<port>/<path>?<searchpart>
23 Within this documentation the placeholder `$GIT_URL` will stand for
24 the http:// repository URL entered by the end-user.
26 Servers SHOULD handle all requests to locations matching `$GIT_URL`, as
27 both the "smart" and "dumb" HTTP protocols used by Git operate
28 by appending additional path components onto the end of the user
29 supplied `$GIT_URL` string.
31 An example of a dumb client requesting for a loose object:
33 $GIT_URL: http://example.com:8080/git/repo.git
34 URL request: http://example.com:8080/git/repo.git/objects/d0/49f6c27a2244e12041955e262a404c7faba355
36 An example of a smart request to a catch-all gateway:
38 $GIT_URL: http://example.com/daemon.cgi?svc=git&q=
39 URL request: http://example.com/daemon.cgi?svc=git&q=/info/refs&service=git-receive-pack
41 An example of a request to a submodule:
43 $GIT_URL: http://example.com/git/repo.git/path/submodule.git
44 URL request: http://example.com/git/repo.git/path/submodule.git/info/refs
46 Clients MUST strip a trailing `/`, if present, from the user supplied
47 `$GIT_URL` string to prevent empty path tokens (`//`) from appearing
48 in any URL sent to a server. Compatible clients MUST expand
49 `$GIT_URL/info/refs` as `foo/info/refs` and not `foo//info/refs`.
55 Standard HTTP authentication is used if authentication is required
56 to access a repository, and MAY be configured and enforced by the
59 Because Git repositories are accessed by standard path components
60 server administrators MAY use directory based permissions within
61 their HTTP server to control repository access.
63 Clients SHOULD support Basic authentication as described by RFC 2617.
64 Servers SHOULD support Basic authentication by relying upon the
65 HTTP server placed in front of the Git server software.
67 Servers SHOULD NOT require HTTP cookies for the purposes of
68 authentication or access control.
70 Clients and servers MAY support other common forms of HTTP based
71 authentication, such as Digest authentication.
77 Clients and servers SHOULD support SSL, particularly to protect
78 passwords when relying on Basic HTTP authentication.
84 The Git over HTTP protocol (much like HTTP itself) is stateless
85 from the perspective of the HTTP server side. All state MUST be
86 retained and managed by the client process. This permits simple
87 round-robin load-balancing on the server side, without needing to
88 worry about state management.
90 Clients MUST NOT require state management on the server side in
91 order to function correctly.
93 Servers MUST NOT require HTTP cookies in order to function correctly.
94 Clients MAY store and forward HTTP cookies during request processing
95 as described by RFC 2616 (HTTP/1.1). Servers SHOULD ignore any
96 cookies sent by a client.
99 General Request Processing
100 --------------------------
102 Except where noted, all standard HTTP behavior SHOULD be assumed
103 by both client and server. This includes (but is not necessarily
106 If there is no repository at `$GIT_URL`, or the resource pointed to by a
107 location matching `$GIT_URL` does not exist, the server MUST NOT respond
108 with `200 OK` response. A server SHOULD respond with
109 `404 Not Found`, `410 Gone`, or any other suitable HTTP status code
110 which does not imply the resource exists as requested.
112 If there is a repository at `$GIT_URL`, but access is not currently
113 permitted, the server MUST respond with the `403 Forbidden` HTTP
116 Servers SHOULD support both HTTP 1.0 and HTTP 1.1.
117 Servers SHOULD support chunked encoding for both request and response
120 Clients SHOULD support both HTTP 1.0 and HTTP 1.1.
121 Clients SHOULD support chunked encoding for both request and response
124 Servers MAY return ETag and/or Last-Modified headers.
126 Clients MAY revalidate cached entities by including If-Modified-Since
127 and/or If-None-Match request headers.
129 Servers MAY return `304 Not Modified` if the relevant headers appear
130 in the request and the entity has not changed. Clients MUST treat
131 `304 Not Modified` identical to `200 OK` by reusing the cached entity.
133 Clients MAY reuse a cached entity without revalidation if the
134 Cache-Control and/or Expires header permits caching. Clients and
135 servers MUST follow RFC 2616 for cache controls.
138 Discovering References
139 ----------------------
141 All HTTP clients MUST begin either a fetch or a push exchange by
142 discovering the references available on the remote repository.
147 HTTP clients that only support the "dumb" protocol MUST discover
148 references by making a request for the special info/refs file of
151 Dumb HTTP clients MUST make a `GET` request to `$GIT_URL/info/refs`,
152 without any search/query parameters.
154 C: GET $GIT_URL/info/refs HTTP/1.0
158 S: 95dcfa3633004da0049d3d0fa03f80589cbcaf31 refs/heads/maint
159 S: d049f6c27a2244e12041955e262a404c7faba355 refs/heads/master
160 S: 2cb58b79488a98d2721cea644875a8dd0026b115 refs/tags/v1.0
161 S: a3c2e2402b99163d1d59756e5f207ae21cccba4c refs/tags/v1.0^{}
163 The Content-Type of the returned info/refs entity SHOULD be
164 `text/plain; charset=utf-8`, but MAY be any content type.
165 Clients MUST NOT attempt to validate the returned Content-Type.
166 Dumb servers MUST NOT return a return type starting with
167 `application/x-git-`.
169 Cache-Control headers MAY be returned to disable caching of the
172 When examining the response clients SHOULD only examine the HTTP
173 status code. Valid responses are `200 OK`, or `304 Not Modified`.
175 The returned content is a UNIX formatted text file describing
176 each ref and its known value. The file SHOULD be sorted by name
177 according to the C locale ordering. The file SHOULD NOT include
178 the default ref named `HEAD`.
180 info_refs = *( ref_record )
181 ref_record = any_ref / peeled_ref
183 any_ref = obj-id HTAB refname LF
184 peeled_ref = obj-id HTAB refname LF
185 obj-id HTAB refname "^{}" LF
190 HTTP clients that support the "smart" protocol (or both the
191 "smart" and "dumb" protocols) MUST discover references by making
192 a parameterized request for the info/refs file of the repository.
194 The request MUST contain exactly one query parameter,
195 `service=$servicename`, where `$servicename` MUST be the service
196 name the client wishes to contact to complete the operation.
197 The request MUST NOT contain additional query parameters.
199 C: GET $GIT_URL/info/refs?service=git-upload-pack HTTP/1.0
205 S: 95dcfa3633004da0049d3d0fa03f80589cbcaf31 refs/heads/maint
206 S: d049f6c27a2244e12041955e262a404c7faba355 refs/heads/master
207 S: 2cb58b79488a98d2721cea644875a8dd0026b115 refs/tags/v1.0
208 S: a3c2e2402b99163d1d59756e5f207ae21cccba4c refs/tags/v1.0^{}
213 S: Content-Type: application/x-git-upload-pack-advertisement
214 S: Cache-Control: no-cache
216 S: 001e# service=git-upload-pack\n
218 S: 004895dcfa3633004da0049d3d0fa03f80589cbcaf31 refs/heads/maint\0multi_ack\n
219 S: 003fd049f6c27a2244e12041955e262a404c7faba355 refs/heads/master\n
220 S: 003c2cb58b79488a98d2721cea644875a8dd0026b115 refs/tags/v1.0\n
221 S: 003fa3c2e2402b99163d1d59756e5f207ae21cccba4c refs/tags/v1.0^{}\n
224 The client may send Extra Parameters (see
225 Documentation/technical/pack-protocol.txt) as a colon-separated string
226 in the Git-Protocol HTTP header.
230 Dumb servers MUST respond with the dumb server reply format.
232 See the prior section under dumb clients for a more detailed
233 description of the dumb server response.
235 Smart Server Response
236 ^^^^^^^^^^^^^^^^^^^^^
237 If the server does not recognize the requested service name, or the
238 requested service name has been disabled by the server administrator,
239 the server MUST respond with the `403 Forbidden` HTTP status code.
241 Otherwise, smart servers MUST respond with the smart server reply
242 format for the requested service name.
244 Cache-Control headers SHOULD be used to disable caching of the
247 The Content-Type MUST be `application/x-$servicename-advertisement`.
248 Clients SHOULD fall back to the dumb protocol if another content
249 type is returned. When falling back to the dumb protocol clients
250 SHOULD NOT make an additional request to `$GIT_URL/info/refs`, but
251 instead SHOULD use the response already in hand. Clients MUST NOT
252 continue if they do not support the dumb protocol.
254 Clients MUST validate the status code is either `200 OK` or
257 Clients MUST validate the first five bytes of the response entity
258 matches the regex `^[0-9a-f]{4}#`. If this test fails, clients
261 Clients MUST parse the entire response as a sequence of pkt-line
264 Clients MUST verify the first pkt-line is `# service=$servicename`.
265 Servers MUST set $servicename to be the request parameter value.
266 Servers SHOULD include an LF at the end of this line.
267 Clients MUST ignore an LF at the end of the line.
269 Servers MUST terminate the response with the magic `0000` end
272 The returned response is a pkt-line stream describing each ref and
273 its known value. The stream SHOULD be sorted by name according to
274 the C locale ordering. The stream SHOULD include the default ref
275 named `HEAD` as the first ref. The stream MUST include capability
276 declarations behind a NUL on the first ref.
278 The returned response contains "version 1" if "version=1" was sent as an
281 smart_reply = PKT-LINE("# service=$servicename" LF)
286 ref_list = empty_list / non_empty_list
288 empty_list = PKT-LINE(zero-id SP "capabilities^{}" NUL cap-list LF)
290 non_empty_list = PKT-LINE(obj-id SP name NUL cap_list LF)
293 cap-list = capability *(SP capability)
294 capability = 1*(LC_ALPHA / DIGIT / "-" / "_")
297 ref_record = any_ref / peeled_ref
298 any_ref = PKT-LINE(obj-id SP name LF)
299 peeled_ref = PKT-LINE(obj-id SP name LF)
300 PKT-LINE(obj-id SP name "^{}" LF
303 Smart Service git-upload-pack
304 ------------------------------
305 This service reads from the repository pointed to by `$GIT_URL`.
307 Clients MUST first perform ref discovery with
308 `$GIT_URL/info/refs?service=git-upload-pack`.
310 C: POST $GIT_URL/git-upload-pack HTTP/1.0
311 C: Content-Type: application/x-git-upload-pack-request
313 C: 0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n
314 C: 0032have 441b40d833fdfa93eb2908e52742248faf0ee993\n
318 S: Content-Type: application/x-git-upload-pack-result
319 S: Cache-Control: no-cache
321 S: ....ACK %s, continue
324 Clients MUST NOT reuse or revalidate a cached response.
325 Servers MUST include sufficient Cache-Control headers
326 to prevent caching of the response.
328 Servers SHOULD support all capabilities defined here.
330 Clients MUST send at least one "want" command in the request body.
331 Clients MUST NOT reference an id in a "want" command which did not
332 appear in the response obtained through ref discovery unless the
333 server advertises capability `allow-tip-sha1-in-want` or
334 `allow-reachable-sha1-in-want`.
336 compute_request = want_list
339 request_end = "0000" / "done"
341 want_list = PKT-LINE(want SP cap_list LF)
343 want_pkt = PKT-LINE(want LF)
345 cap_list = capability *(SP capability)
347 have_list = *PKT-LINE("have" SP id LF)
349 TODO: Document this further.
351 The Negotiation Algorithm
352 ~~~~~~~~~~~~~~~~~~~~~~~~~
353 The computation to select the minimal pack proceeds as follows
354 (C = client, S = server):
358 C: Use ref discovery to obtain the advertised refs.
360 C: Place any object seen into set `advertised`.
362 C: Build an empty set, `common`, to hold the objects that are later
363 determined to be on both ends.
365 C: Build a set, `want`, of the objects from `advertised` the client
366 wants to fetch, based on what it saw during ref discovery.
368 C: Start a queue, `c_pending`, ordered by commit time (popping newest
369 first). Add all client refs. When a commit is popped from
370 the queue its parents SHOULD be automatically inserted back.
371 Commits MUST only enter the queue once.
375 C: Send one `$GIT_URL/git-upload-pack` request:
377 C: 0032want <want #1>...............................
378 C: 0032want <want #2>...............................
380 C: 0032have <common #1>.............................
381 C: 0032have <common #2>.............................
383 C: 0032have <have #1>...............................
384 C: 0032have <have #2>...............................
388 The stream is organized into "commands", with each command
389 appearing by itself in a pkt-line. Within a command line,
390 the text leading up to the first space is the command name,
391 and the remainder of the line to the first LF is the value.
392 Command lines are terminated with an LF as the last byte of
395 Commands MUST appear in the following order, if they appear
396 at all in the request stream:
401 The stream is terminated by a pkt-line flush (`0000`).
403 A single "want" or "have" command MUST have one hex formatted
404 object name as its value. Multiple object names MUST be sent by sending
405 multiple commands. Object names MUST be given using the object format
406 negotiated through the `object-format` capability (default SHA-1).
408 The `have` list is created by popping the first 32 commits
409 from `c_pending`. Less can be supplied if `c_pending` empties.
411 If the client has sent 256 "have" commits and has not yet
412 received one of those back from `s_common`, or the client has
413 emptied `c_pending` it SHOULD include a "done" command to let
414 the server know it won't proceed:
418 S: Parse the git-upload-pack request:
420 Verify all objects in `want` are directly reachable from refs.
422 The server MAY walk backwards through history or through
423 the reflog to permit slightly stale requests.
425 If no "want" objects are received, send an error:
426 TODO: Define error if no "want" lines are requested.
428 If any "want" object is not reachable, send an error:
429 TODO: Define error if an invalid "want" is requested.
431 Create an empty list, `s_common`.
435 Loop through the objects in the order supplied by the client.
437 For each object, if the server has the object reachable from
438 a ref, add it to `s_common`. If a commit is added to `s_common`,
439 do not add any ancestors, even if they also appear in `have`.
441 S: Send the git-upload-pack response:
443 If the server has found a closed set of objects to pack or the
444 request ends with "done", it replies with the pack.
445 TODO: Document the pack based response
449 The returned stream is the side-band-64k protocol supported
450 by the git-upload-pack service, and the pack is embedded into
451 stream 1. Progress messages from the server side MAY appear
454 Here a "closed set of objects" is defined to have at least
455 one path from every "want" to at least one "common" object.
457 If the server needs more information, it replies with a
458 status continue response:
459 TODO: Document the non-pack response
461 C: Parse the upload-pack response:
462 TODO: Document parsing response
464 'Do another compute step.'
467 Smart Service git-receive-pack
468 ------------------------------
469 This service reads from the repository pointed to by `$GIT_URL`.
471 Clients MUST first perform ref discovery with
472 `$GIT_URL/info/refs?service=git-receive-pack`.
474 C: POST $GIT_URL/git-receive-pack HTTP/1.0
475 C: Content-Type: application/x-git-receive-pack-request
477 C: ....0a53e9ddeaddad63ad106860237bbf53411d11a7 441b40d833fdfa93eb2908e52742248faf0ee993 refs/heads/maint\0 report-status
482 S: Content-Type: application/x-git-receive-pack-result
483 S: Cache-Control: no-cache
487 Clients MUST NOT reuse or revalidate a cached response.
488 Servers MUST include sufficient Cache-Control headers
489 to prevent caching of the response.
491 Servers SHOULD support all capabilities defined here.
493 Clients MUST send at least one command in the request body.
494 Within the command portion of the request body clients SHOULD send
495 the id obtained through ref discovery as old_id.
497 update_request = command_list
500 command_list = PKT-LINE(command NUL cap_list LF)
502 command_pkt = PKT-LINE(command LF)
503 cap_list = *(SP capability) SP
505 command = create / delete / update
506 create = zero-id SP new_id SP name
507 delete = old_id SP zero-id SP name
508 update = old_id SP new_id SP name
510 TODO: Document this further.
516 http://www.ietf.org/rfc/rfc1738.txt[RFC 1738: Uniform Resource Locators (URL)]
517 http://www.ietf.org/rfc/rfc2616.txt[RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
518 link:technical/pack-protocol.html
519 link:technical/protocol-capabilities.html