diff options
author | Junio C Hamano <gitster@pobox.com> | 2016-12-19 22:45:31 (GMT) |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2016-12-19 22:45:32 (GMT) |
commit | 8a2882f23ecce3a8742743555a408e508d4db806 (patch) | |
tree | 3e543652bc74d5401d6c3858410ad434ae02451a /Documentation | |
parent | 73e494f86239b7edcf44f4c185c997b05c0e763b (diff) | |
parent | cb4d2d35c4622ec2513c1c352d30ff8f9f9cdb9e (diff) | |
download | git-8a2882f23ecce3a8742743555a408e508d4db806.zip git-8a2882f23ecce3a8742743555a408e508d4db806.tar.gz git-8a2882f23ecce3a8742743555a408e508d4db806.tar.bz2 |
Merge branch 'jk/http-walker-limit-redirect-2.9'
Transport with dumb http can be fooled into following foreign URLs
that the end user does not intend to, especially with the server
side redirects and http-alternates mechanism, which can lead to
security issues. Tighten the redirection and make it more obvious
to the end user when it happens.
* jk/http-walker-limit-redirect-2.9:
http: treat http-alternates like redirects
http: make redirects more obvious
remote-curl: rename shadowed options variable
http: always update the base URL for redirects
http: simplify update_url_from_redirect
Diffstat (limited to 'Documentation')
-rw-r--r-- | Documentation/config.txt | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/Documentation/config.txt b/Documentation/config.txt index a0ab66a..d51182a 100644 --- a/Documentation/config.txt +++ b/Documentation/config.txt @@ -1891,6 +1891,16 @@ http.userAgent:: of common USER_AGENT strings (but not including those like git/1.7.1). Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable. +http.followRedirects:: + Whether git should follow HTTP redirects. If set to `true`, git + will transparently follow any redirect issued by a server it + encounters. If set to `false`, git will treat all redirects as + errors. If set to `initial`, git will follow redirects only for + the initial request to a remote, but not for subsequent + follow-up HTTP requests. Since git uses the redirected URL as + the base for the follow-up requests, this is generally + sufficient. The default is `initial`. + http.<url>.*:: Any of the http.* options above can be applied selectively to some URLs. For a config key to match a URL, each element of the config key is |