git724/forgejo
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 4
forgejo/routers/web/repo
History
Matthias Riße 7f4f3434ec fix: consider HEAD requests to be pulls (#6750) 
Previously an anonymous GET request to e.g.
https://codeberg.org/forgejo/forgejo/HEAD was allowed, as GET requests
are considered pulls and those don't need authentication for a public
repository, but a HEAD request to the same URL was rejected with a 401.
Since the result of a HEAD request is a subset of the result of a GET
request it is safe to allow HEAD as well.

This isn't really a practical issue for Forgejo itself, but I have encountered this in https://codeberg.org/forgejo-aneksajo/forgejo-aneksajo/issues/40. Since the fix isn't git-annex specific I am proposing it here.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [X] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6750
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Matthias Riße <m.risse@fz-juelich.de>
Co-committed-by: Matthias Riße <m.risse@fz-juelich.de>
2025-02-07 07:39:00 +00:00
..
actions Fix bug on action list deleted branch (#32848) 2024-12-22 07:21:38 +01:00
badges Enable unparam linter (#31277) 2024-06-16 13:42:58 +02:00
flags Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
setting feat: allow changing default branch update style 2024-12-23 18:55:25 +03:00
activity.go Merge pull request '[gitea] week 2024-45 cherry pick (gitea/main -> forgejo)' (#5789) from algernon/wcp/2024-45 into forgejo 2024-11-06 08:57:43 +00:00
attachment.go Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) 2024-11-05 09:33:15 +01:00
blame.go fix: disallow blame on directories (#6716) 2025-01-29 09:02:46 +00:00
branch.go Hide the "Details" link of commit status when the user cannot access actions (#30156) 2024-08-04 08:47:07 +02:00
card.go Change license of card.go 2024-12-29 12:19:48 +01:00
cherry_pick.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
code_frequency.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
commit.go Rewrite OpenGraph Header 2025-01-01 20:43:20 +01:00
compare.go Improve code 2025-01-01 08:08:12 +01:00
contributors.go Fix Activity Page Contributors dropdown (#31264) 2024-06-18 20:05:23 +02:00
download.go Use gitrepo.GetTreePathLatestCommit to get file lastest commit instead from latest commit cache (#32987) 2025-01-05 12:13:48 +00:00
editor.go fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
editor_test.go [TESTS] Fix usage of LoadRepoCommit 2024-08-26 08:03:48 +02:00
find.go Escape paths for find file correctly (#30026) 2024-03-26 19:04:27 +01:00
githttp.go fix: consider HEAD requests to be pulls (#6750) 2025-02-07 07:39:00 +00:00
githttp_test.go Fix http protocol auth (#27875) 2023-11-02 22:14:33 +08:00
helper.go feat: avoid sorting for MakeSelfOnTop 2024-12-03 05:32:51 +01:00
helper_test.go feat: avoid sorting for MakeSelfOnTop 2024-12-03 05:32:51 +01:00
issue.go fix(commenter roles): don't give system users roles (#6766) 2025-02-05 17:34:45 +00:00
issue_content_history.go [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
issue_dependency.go Use PostFormValue instead of PostForm.Get 2024-05-02 10:51:07 +02:00
issue_label.go [GITEA] Apply changes to archived labels 2024-04-01 17:46:02 +05:00
issue_label_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
issue_lock.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
issue_pin.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
issue_stopwatch.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
issue_test.go feat: combine review requests comments 2024-10-25 22:57:32 +02:00
issue_timetrack.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
issue_watch.go Fix Issue watching / unwatching on the web ui 2024-05-01 11:04:54 +02:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
middlewares.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
migrate.go feat(i18n): allow different translations of creation links and titles (#4829) 2024-08-07 16:54:05 +00:00
milestone.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
packages.go remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
patch.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
projects.go Use project's redirect url instead of composing url (#33058) 2025-01-05 13:46:19 +00:00
projects_test.go Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
pull.go improve performance of diffs (#32393) 2024-11-05 09:39:21 +01:00
pull_review.go Revert "Prevent allow/reject reviews on merged/closed PRs" 2024-08-12 12:24:52 +01:00
pull_review_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
recent_commits.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
release.go Update 2024-12-18 20:26:39 +01:00
release_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
render.go Refactor render (#30136) 2024-03-30 07:17:31 +01:00
repo.go Add github compatible tarball download API endpoints (#32572) 2024-12-03 10:19:22 +01:00
search.go fix(code search): empty mode dropdown when keyword is empty 2025-01-01 12:32:41 +00:00
topic.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
treelist.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
view.go Rewrite OpenGraph Header 2025-01-01 20:43:20 +01:00
view_test.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
wiki.go Rewrite OpenGraph Header 2025-01-01 20:43:20 +01:00
wiki_test.go chore: remove illegal git usage (#6488) 2025-01-07 17:28:42 +00:00