docs/config: mention protocol implications of url.insteadOf

If a URL rewrite switches the protocol to something nonstandard (like "persistent-https" for "https"), the user may be bitten by the fact that the default protocol restrictions are different between the two. Let's drop a note in insteadOf that points the user in the right direction. It would be nice if we could make this work out of the box, but we can't without knowing the security implications of the user's rewrite. Only the documentation for a particular remote helper can advise one way or the other. Since we do include the persistent-https helper in contrib/ (and since it was the helper in the real-world case that inspired that patch), let's also drop a note there. Suggested-by: N Elliott Cable <me@ell.io> Signed-off-by: N Jeff King <peff@peff.net> Signed-off-by: N Junio C Hamano <gitster@pobox.com>

docs/config: mention protocol implications of url.insteadOf
If a URL rewrite switches the protocol to something nonstandard (like "persistent-https" for "https"), the user may be bitten by the fact that the default protocol restrictions are different between the two. Let's drop a note in insteadOf that points the user in the right direction. It would be nice if we could make this work out of the box, but we can't without knowing the security implications of the user's rewrite. Only the documentation for a particular remote helper can advise one way or the other. Since we do include the persistent-https helper in contrib/ (and since it was the helper in the real-world case that inspired that patch), let's also drop a note there. Suggested-by: N Elliott Cable <me@ell.io> Signed-off-by: N Jeff King <peff@peff.net> Signed-off-by: N Junio C Hamano <gitster@pobox.com>
2c9a2ae2 · Jeff King · Junio C Hamano · b06d3643 · 2c9a2ae2 · 2c9a2ae2
显示空白变更内容
内联并排

Showing with 17 addition and 0 deletion

Documentation/config.txt Documentation/config.txt +7 -0

contrib/persistent-https/README contrib/persistent-https/README +10 -0

未找到文件。
--- a/Documentation/config.txt
+++ b/Documentation/config.txt
@@ -3208,6 +3208,13 @@ url.<base>.insteadOf::
 	the best alternative for the particular user, even for a
 	never-before-seen repository on the site.  When more than one
 	insteadOf strings match a given URL, the longest match is used.
+
+Note that any protocol restrictions will be applied to the rewritten
+URL. If the rewrite changes the URL to use a custom protocol or remote
+helper, you may need to adjust the `protocol.*.allow` config to permit
+the request.  In particular, protocols you expect to use for submodules
+must be set to `always` rather than the default of `user`. See the
+description of `protocol.allow` above.

 url.<base>.pushInsteadOf::
 	Any URL that starts with this value will not be pushed to;

--- a/contrib/persistent-https/README
+++ b/contrib/persistent-https/README
@@ -35,6 +35,16 @@ to use persistent-https:
 [url "persistent-http"]
 	insteadof = http

+You may also want to allow the use of the persistent-https helper for
+submodule URLs (since any https URLs pointing to submodules will be
+rewritten, and Git's out-of-the-box defaults forbid submodules from
+using unknown remote helpers):
+
+[protocol "persistent-https"]
+	allow = always
+[protocol "persistent-http"]
+	allow = always
+

 #####################################################################
 # BUILDING FROM SOURCE