Mercurial > hg
view tests/test-pull-http.t @ 37048:fc5e261915b9
wireproto: require POST for all HTTPv2 requests
Wire protocol version 1 transfers argument data via request
headers by default. This has historically caused problems because
servers institute limits on the length of individual HTTP headers
as well as the total size of all request headers. Mercurial servers
can advertise the maximum length of an individual header. But
there's no guarantee any intermediate HTTP agents will accept
headers up to that length.
In the existing wire protocol, server operators typically also
key off the HTTP request method to implement authentication.
For example, GET requests translate to read-only requests and
can be allowed. But read-write commands must use POST and require
authentication. This has typically worked because the only wire
protocol commands that use POST modify the repo (e.g. the
"unbundle" command).
There is an experimental feature to enable clients to transmit
argument data via POST request bodies. This is technically a
better and more robust solution. But we can't enable it by default
because of servers assuming POST means write access.
In version 2 of the wire protocol, the permissions of a request
are encoded in the URL. And with it being a new protocol in a new
URL space, we're not constrained by backwards compatibility
requirements.
This commit adopts the technically superior mechanism of using
HTTP request bodies to send argument data by requiring POST for
all commands. Strictly speaking, it may be possible to send
request bodies on GET requests. But my experience is that not all
HTTP stacks support this. POST pretty much always works. Using POST
for read-only operations does sacrifice some RESTful design
purity. But this API cares about practicality, not about being
in Roy T. Fielding's REST ivory tower.
There's a chance we may relax this restriction in the future. But
for now, I want to see how far we can get with a POST only API.
Differential Revision: https://phab.mercurial-scm.org/D2837
author | Gregory Szorc <gregory.szorc@gmail.com> |
---|---|
date | Tue, 13 Mar 2018 11:57:43 -0700 |
parents | e3c228b4510d |
children | 165a77f7ec13 |
line wrap: on
line source
#require killdaemons $ hg init test $ cd test $ echo a > a $ hg ci -Ama adding a $ cd .. $ hg clone test test2 updating to branch default 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cd test2 $ echo a >> a $ hg ci -mb Cloning with a password in the URL should not save the password in .hg/hgrc: $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log $ cat hg.pid >> $DAEMON_PIDS $ hg clone http://foo:xyzzy@localhost:$HGPORT/ test3 requesting all changes adding changesets adding manifests adding file changes added 2 changesets with 2 changes to 1 files new changesets cb9a9f314b8b:ba677d0156c1 updating to branch default 1 files updated, 0 files merged, 0 files removed, 0 files unresolved $ cat test3/.hg/hgrc # example repository config (see 'hg help config' for more info) [paths] default = http://foo@localhost:$HGPORT/ # path aliases to other clones of this repo in URLs or filesystem paths # (see 'hg help config.paths' for more info) # # default:pushurl = ssh://jdoe@example.net/hg/jdoes-fork # my-fork = ssh://jdoe@example.net/hg/jdoes-fork # my-clone = /home/jdoe/jdoes-clone [ui] # name and email (local to this repository, optional), e.g. # username = Jane Doe <jdoe@example.com> $ killdaemons.py expect error, cloning not allowed $ echo '[web]' > .hg/hgrc $ echo 'allowpull = false' >> .hg/hgrc $ hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log $ cat hg.pid >> $DAEMON_PIDS $ hg clone http://localhost:$HGPORT/ test4 # bundle2+ abort: authorization failed [255] $ hg clone http://localhost:$HGPORT/ test4 --config devel.legacy.exchange=bundle1 abort: authorization failed [255] $ killdaemons.py serve errors $ cat errors.log $ req() { > hg serve -p $HGPORT -d --pid-file=hg.pid -E errors.log > cat hg.pid >> $DAEMON_PIDS > hg --cwd ../test pull http://localhost:$HGPORT/ > killdaemons.py hg.pid > echo % serve errors > cat errors.log > } expect error, pulling not allowed $ req pulling from http://localhost:$HGPORT/ abort: authorization failed % serve errors $ cd ..