projects / git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 527cc4f cb4d2d3)
Merge branch 'jk/http-walker-limit-redirect-2.9' into next
authorJunio C Hamano <gitster@pobox.com>
Mon, 12 Dec 2016 18:57:18 +0000 (10:57 -0800)
committerJunio C Hamano <gitster@pobox.com>
Mon, 12 Dec 2016 18:57:18 +0000 (10:57 -0800)
commit3e4bcd7bca61408e656805bc24503a0bfabf030e
tree46898878644979795378aa58984746bbeed0b595tree | snapshot
parent527cc4f2758854ca834af61475bb5ce9ebc72ef6commit | diff
parentcb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9ecommit | diff
Merge branch 'jk/http-walker-limit-redirect-2.9' into next

Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues.  Tighten the redirection and make it more obvious
to the end user when it happens.

* jk/http-walker-limit-redirect-2.9:
  http: treat http-alternates like redirects
  http: make redirects more obvious
  remote-curl: rename shadowed options variable
  http: always update the base URL for redirects
  http: simplify update_url_from_redirect
Documentation/config.txt diff1 | diff2 | blob | history
http-walker.c diff1 | diff2 | blob | history
http.c diff1 | diff2 | blob | history
http.h diff1 | diff2 | blob | history
remote-curl.c diff1 | diff2 | blob | history
t/lib-httpd/apache.conf diff1 | diff2 | blob | history
t/t5550-http-fetch-dumb.sh diff1 | diff2 | blob | history
t/t5551-http-fetch-smart.sh diff1 | diff2 | blob | history
Unnamed repository; edit this file 'description' to name the repository.