Mercurial > public > mercurial-scm > hg
comparison mercurial/hgweb/common.py @ 17456:59a168019255
hgweb: respond 403 forbidden for ssl required error
It's preferable to report "ssl required" as an error, so that the client
can detect error and exit with 255. Currently hg exits with 1, which is
"nothing to push."
| author | Yuya Nishihara <yuya@tcha.org> |
|---|---|
| date | Wed, 05 Sep 2012 23:59:27 +0900 |
| parents | e34106fa0dc3 |
| children | e33b9b92a200 |
comparison
equal
deleted
inserted
replaced
| 17455:2212af23c9de | 17456:59a168019255 |
|---|---|
| 46 | 46 |
| 47 # require ssl by default for pushing, auth info cannot be sniffed | 47 # require ssl by default for pushing, auth info cannot be sniffed |
| 48 # and replayed | 48 # and replayed |
| 49 scheme = req.env.get('wsgi.url_scheme') | 49 scheme = req.env.get('wsgi.url_scheme') |
| 50 if hgweb.configbool('web', 'push_ssl', True) and scheme != 'https': | 50 if hgweb.configbool('web', 'push_ssl', True) and scheme != 'https': |
| 51 raise ErrorResponse(HTTP_OK, 'ssl required') | 51 raise ErrorResponse(HTTP_FORBIDDEN, 'ssl required') |
| 52 | 52 |
| 53 deny = hgweb.configlist('web', 'deny_push') | 53 deny = hgweb.configlist('web', 'deny_push') |
| 54 if deny and (not user or deny == ['*'] or user in deny): | 54 if deny and (not user or deny == ['*'] or user in deny): |
| 55 raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') | 55 raise ErrorResponse(HTTP_UNAUTHORIZED, 'push not authorized') |
| 56 | 56 |