path: root/http.c
diff options
authorBrandon Williams <>2016-12-14 22:39:54 (GMT)
committerJunio C Hamano <>2016-12-15 17:29:13 (GMT)
commita768a02265f3b8f43e37f66a0a3affba92c830c7 (patch)
tree332839901fe7f390b20c28ebfbbb1e329a987ce0 /http.c
parentaeae4db1747d891dc3aee6a74508c585c321cc49 (diff)
transport: add from_user parameter to is_transport_allowed
Add a from_user parameter to is_transport_allowed() to allow http to be able to distinguish between protocol restrictions for redirects versus initial requests. CURLOPT_REDIR_PROTOCOLS can now be set differently from CURLOPT_PROTOCOLS to disallow use of protocols with the "user" policy in redirects. This change allows callers to query if a transport protocol is allowed, given that the caller knows that the protocol is coming from the user (1) or not from the user (0) such as redirects in libcurl. If unknown a -1 should be provided which falls back to reading `GIT_PROTOCOL_FROM_USER` to determine if the protocol came from the user. Signed-off-by: Brandon Williams <> Signed-off-by: Junio C Hamano <>
Diffstat (limited to 'http.c')
1 files changed, 7 insertions, 7 deletions
diff --git a/http.c b/http.c
index f7c488a..2208269 100644
--- a/http.c
+++ b/http.c
@@ -489,17 +489,17 @@ static void set_curl_keepalive(CURL *c)
-static long get_curl_allowed_protocols(void)
+static long get_curl_allowed_protocols(int from_user)
long allowed_protocols = 0;
- if (is_transport_allowed("http"))
+ if (is_transport_allowed("http", from_user))
allowed_protocols |= CURLPROTO_HTTP;
- if (is_transport_allowed("https"))
+ if (is_transport_allowed("https", from_user))
allowed_protocols |= CURLPROTO_HTTPS;
- if (is_transport_allowed("ftp"))
+ if (is_transport_allowed("ftp", from_user))
allowed_protocols |= CURLPROTO_FTP;
- if (is_transport_allowed("ftps"))
+ if (is_transport_allowed("ftps", from_user))
allowed_protocols |= CURLPROTO_FTPS;
return allowed_protocols;
@@ -588,9 +588,9 @@ static CURL *get_curl_handle(void)
#if LIBCURL_VERSION_NUM >= 0x071304
curl_easy_setopt(result, CURLOPT_REDIR_PROTOCOLS,
- get_curl_allowed_protocols());
+ get_curl_allowed_protocols(0));
curl_easy_setopt(result, CURLOPT_PROTOCOLS,
- get_curl_allowed_protocols());
+ get_curl_allowed_protocols(-1));
warning("protocol restrictions not applied to curl redirects because\n"
"your curl version is too old (>= 7.19.4)");