Mercurial > hg
view hgweb.cgi @ 35884:197d10e157ce
httppeer: remove support for connecting to <0.9.1 servers (BC)
Previously, HTTP wire protocol clients would attempt a
"capabilities" wire protocol command. If that failed, they would
fall back to issuing a "between" command.
The "capabilities" command was added in Mercurial 0.9.1 (released
July 2006). The "between" command has been present for as long as
the wire protocol has existed. So if the "between" command failed,
it was safe to assume that the remote could not speak any version
of the Mercurial wire protocol.
The "between" fallback was added in 395a84f78736 in 2011. Before that
changeset, Mercurial would *always* issue the "between" command and
would issue "capabilities" if capabilities were requested. At that time,
many connections would issue "capabilities" eventually, so it was
decided to issue "capabilities" by default and fall back to "between"
if that failed. This saved a round trip when connecting to modern
servers while still preserving compatibility with legacy servers.
Fast forward ~7 years. Mercurial servers supporting "capabilities"
have been around for over a decade. If modern clients are
connecting to <0.9.1 servers, they are getting a bad experience.
They may even be getting bad data (an old server is vulnerable to
numerous security issues and could have been p0wned, leading to a
Mercurial repository serving backdoors or other badness).
In addition, the fallback can harm experience for modern servers.
If a client experiences an intermittent HTTP request failure (due to
bad network, etc) and falls back to a "between" that works, it would
assume an empty capability set and would attempt to communicate with
the repository using a very ancient wire protocol. Auditing HTTP logs
for hg.mozilla.org, I did find a handful of requests for the
null range of the "between" command. However, requests can be days
apart. And when I do see requests, they come in batches. Those
batches seem to correlate to spikes of HTTP 500 or other
server/network events. So I think these requests are fallbacks from
failed "capabilities" requests and not from old clients.
If you need even more evidence to discontinue support, apparently
we have no test coverage for communicating with servers not
supporting "capabilities." I know this because all tests pass
with the "between" fallback removed.
Finally, server-side support for <0.9.1 pushing (the "addchangegroup"
wire protocol command along with locking-related commands) was dropped
from the HTTP client in fda0867cfe03 in 2017 and the SSH client in
9f6e0e7ef828 in 2015.
I think this all adds up to enough justification for removing client
support for communicating with servers not supporting "capabilities."
So this commit removes that fallback.
Differential Revision: https://phab.mercurial-scm.org/D2001
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Fri, 02 Feb 2018 13:13:46 -0800 |
parents | 4b0fc75f9403 |
children | 47ef023d0165 |
line wrap: on
line source
#!/usr/bin/env python # # An example hgweb CGI script, edit as necessary # See also https://mercurial-scm.org/wiki/PublishingRepositories # Path to repo or hgweb config to serve (see 'hg help hgweb') config = "/path/to/repo/or/config" # Uncomment and adjust if Mercurial is not installed system-wide # (consult "installed modules" path from 'hg debuginstall'): #import sys; sys.path.insert(0, "/path/to/python/lib") # Uncomment to send python tracebacks to the browser if an error occurs: #import cgitb; cgitb.enable() from mercurial import demandimport; demandimport.enable() from mercurial.hgweb import hgweb, wsgicgi application = hgweb(config) wsgicgi.launch(application)