| commit | 8a2882f23ecce3a8742743555a408e508d4db806 | |
| author | Junio C Hamano <gitster@pobox.com> | |
| Mon, 19 Dec 2016 22:45:31 +0000 (19 14:45 -0800) | ||
| committer | Junio C Hamano <gitster@pobox.com> | |
| Mon, 19 Dec 2016 22:45:32 +0000 (19 14:45 -0800) | ||
| tree | 3e543652bc74d5401d6c3858410ad434ae02451a | treesnapshot (tar.gz zip) |
| parent | 73e494f86239b7edcf44f4c185c997b05c0e763b | commitdiff |
| parent | cb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e | commitdiff |
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.
* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect
Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.
* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect