hgweb: don't respond to api requests unless feature is enabled
Per discussion at https://phab.mercurial-scm.org/D2834, new URLs
in hgweb can conflict with subrepos and virtual repos. This may prevent
access to repos in certain paths or having certain names.
Until we have a workaround for this, let's not serve requests for
"api/" URLs unless the feature is enabled.
Differential Revision: https://phab.mercurial-scm.org/D2936
--- a/mercurial/hgweb/hgweb_mod.py Fri Mar 23 11:20:49 2018 -0700
+++ b/mercurial/hgweb/hgweb_mod.py Fri Mar 23 11:20:13 2018 -0700
@@ -321,8 +321,11 @@
res.headers['Content-Security-Policy'] = rctx.csp
# /api/* is reserved for various API implementations. Dispatch
- # accordingly.
- if req.dispatchparts and req.dispatchparts[0] == b'api':
+ # accordingly. But URL paths can conflict with subrepos and virtual
+ # repos in hgwebdir. So until we have a workaround for this, only
+ # expose the URLs if the feature is enabled.
+ apienabled = rctx.repo.ui.configbool('experimental', 'web.apiserver')
+ if apienabled and req.dispatchparts and req.dispatchparts[0] == b'api':
wireprotoserver.handlewsgiapirequest(rctx, req, res,
self.check_perm)
return res.sendresponse()
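Review bot: The `apienabled and ...` guard added to the `if` line appears to duplicate a check that already exists further down the call path: the expectations removed from tests/test-http-api.t in this same patch show a 404 "Experimental API server endpoint not enabled" reply for the disabled case, and that reply can no longer be reached through this branch. Either remove the downstream check or add a comment here saying it is kept deliberately as a second gate, so the two do not drift apart. Separately, `rctx.repo.ui.configbool('experimental', 'web.apiserver')` is now evaluated for every request; testing `req.dispatchparts and req.dispatchparts[0] == b'api'` first and reading the config only when it matches would keep the lookup off the non-API path.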
--- a/tests/test-http-api.t Fri Mar 23 11:20:49 2018 -0700
+++ b/tests/test-http-api.t Fri Mar 23 11:20:13 2018 -0700
@@ -8,43 +8,133 @@
Request to /api fails unless web.apiserver is enabled
- $ send << EOF
- > httprequest GET api
- > user-agent: test
- > EOF
- using raw connection to peer
- s> GET /api HTTP/1.1\r\n
- s> Accept-Encoding: identity\r\n
- s> user-agent: test\r\n
- s> host: $LOCALIP:$HGPORT\r\n (glob)
- s> \r\n
- s> makefile('rb', None)
- s> HTTP/1.1 404 Not Found\r\n
- s> Server: testing stub value\r\n
- s> Date: $HTTP_DATE$\r\n
- s> Content-Type: text/plain\r\n
- s> Content-Length: 44\r\n
- s> \r\n
- s> Experimental API server endpoint not enabled
+ $ get-with-headers.py $LOCALIP:$HGPORT api
+ 400 no such method: api
+
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US">
+ <head>
+ <link rel="icon" href="/static/hgicon.png" type="image/png" />
+ <meta name="robots" content="index, nofollow" />
+ <link rel="stylesheet" href="/static/style-paper.css" type="text/css" />
+ <script type="text/javascript" src="/static/mercurial.js"></script>
+
+ <title>$TESTTMP/server: error</title>
+ </head>
+ <body>
+
+ <div class="container">
+ <div class="menu">
+ <div class="logo">
+ <a href="https://mercurial-scm.org/">
+ <img src="/static/hglogo.png" width=75 height=90 border=0 alt="mercurial" /></a>
+ </div>
+ <ul>
+ <li><a href="/shortlog">log</a></li>
+ <li><a href="/graph">graph</a></li>
+ <li><a href="/tags">tags</a></li>
+ <li><a href="/bookmarks">bookmarks</a></li>
+ <li><a href="/branches">branches</a></li>
+ </ul>
+ <ul>
+ <li><a href="/help">help</a></li>
+ </ul>
+ </div>
+
+ <div class="main">
+
+ <h2 class="breadcrumb"><a href="/">Mercurial</a> </h2>
+ <h3>error</h3>
+
+
+ <form class="search" action="/log">
+
+ <p><input name="rev" id="search1" type="text" size="30" value="" /></p>
+ <div id="hint">Find changesets by keywords (author, files, the commit message), revision
+ number or hash, or <a href="/help/revsets">revset expression</a>.</div>
+ </form>
+
+ <div class="description">
+ <p>
+ An error occurred while processing your request:
+ </p>
+ <p>
+ no such method: api
+ </p>
+ </div>
+ </div>
+ </div>
+
+
+
+ </body>
+ </html>
+
+ [1]
- $ send << EOF
- > httprequest GET api/
- > user-agent: test
- > EOF
- using raw connection to peer
- s> GET /api/ HTTP/1.1\r\n
- s> Accept-Encoding: identity\r\n
- s> user-agent: test\r\n
- s> host: $LOCALIP:$HGPORT\r\n (glob)
- s> \r\n
- s> makefile('rb', None)
- s> HTTP/1.1 404 Not Found\r\n
- s> Server: testing stub value\r\n
- s> Date: $HTTP_DATE$\r\n
- s> Content-Type: text/plain\r\n
- s> Content-Length: 44\r\n
- s> \r\n
- s> Experimental API server endpoint not enabled
+ $ get-with-headers.py $LOCALIP:$HGPORT api/
+ 400 no such method: api
+
+ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
+ <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US">
+ <head>
+ <link rel="icon" href="/static/hgicon.png" type="image/png" />
+ <meta name="robots" content="index, nofollow" />
+ <link rel="stylesheet" href="/static/style-paper.css" type="text/css" />
+ <script type="text/javascript" src="/static/mercurial.js"></script>
+
+ <title>$TESTTMP/server: error</title>
+ </head>
+ <body>
+
+ <div class="container">
+ <div class="menu">
+ <div class="logo">
+ <a href="https://mercurial-scm.org/">
+ <img src="/static/hglogo.png" width=75 height=90 border=0 alt="mercurial" /></a>
+ </div>
+ <ul>
+ <li><a href="/shortlog">log</a></li>
+ <li><a href="/graph">graph</a></li>
+ <li><a href="/tags">tags</a></li>
+ <li><a href="/bookmarks">bookmarks</a></li>
+ <li><a href="/branches">branches</a></li>
+ </ul>
+ <ul>
+ <li><a href="/help">help</a></li>
+ </ul>
+ </div>
+
+ <div class="main">
+
+ <h2 class="breadcrumb"><a href="/">Mercurial</a> </h2>
+ <h3>error</h3>
+
+
+ <form class="search" action="/log">
+
+ <p><input name="rev" id="search1" type="text" size="30" value="" /></p>
+ <div id="hint">Find changesets by keywords (author, files, the commit message), revision
+ number or hash, or <a href="/help/revsets">revset expression</a>.</div>
+ </form>
+
+ <div class="description">
+ <p>
+ An error occurred while processing your request:
+ </p>
+ <p>
+ no such method: api
+ </p>
+ </div>
+ </div>
+ </div>
+
+
+
+ </body>
+ </html>
+
+ [1]
Restart server with support for API server
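Review bot: The two added expectations for `api` and `api/` each paste the entire rendered error page, so this test will start failing on any unrelated change to the paper template, the menu links or the static asset names. The property being tested is the first line of each response, `400 no such method: api`; consider restricting the expected output to that status line so the test pins only the gating behaviour. The disabled case also changes from a text/plain 404 to an HTML 400 here, which is a client-visible difference the commit message does not mention and that is worth stating for anyone who probes the endpoint to detect whether the feature is on.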