Tarmigan <tarmigan+git@xxxxxxxxx> wrote:
> On Mon, Dec 28, 2009 at 10:59 AM, Shawn O. Pearce <spearce@xxxxxxxxxxx> wrote:
> > Tarmigan <tarmigan+git@xxxxxxxxx> wrote:
> >> I've been thinking that the not_found() to a forbidden() instead.
> >
> > Because you can't resolve the access error by authenticating to
> > the server, we may actually want to just return not_found() here
> > with a message in the log of "Repository not exported: '%s'".
>
> I'm no http expert, but isn't that what 401 would be?  From
> http://tools.ietf.org/html/rfc2616#section-10.4.4
> 403 Forbidden
> The server understood the request, but is refusing to fulfill it.
> Authorization will not help and the request SHOULD NOT be repeated.
> If the request method was not HEAD and the server wishes to make
> public why the request has not been fulfilled, it SHOULD describe the
> reason for the refusal in the entity. If the server does not wish to
> make this information available to the client, the status code 404
> (Not Found) can be used instead.
> which to me points to 403 instead of 404.

Good point, that is 403.  But the last sentence leads me to believe
404 might be a better use here.  Under git-daemon we don't tell the
client the difference between "Not Found" and "Not Exported", so I
think we should be doing the same thing here under HTTP.

-- 
Shawn.
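An added illustration of the behaviour discussed in this thread (not code from git or from either poster): a handler that answers "missing" and "not exported" with the same 404 and entity, and keeps the distinction in the server log only. The type and function names are hypothetical, the "Not a git repository" log text is constructed, and the export check is assumed to be the presence of a `git-daemon-export-ok` file in the repository directory.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical names for this example; not git's own code. */
enum repo_state { REPO_OK, REPO_MISSING, REPO_NOT_EXPORTED };

struct reply {
	int status;        /* HTTP status sent to the client */
	const char *body;  /* entity sent to the client */
	char log[512];     /* written to the server log, never to the client */
};

/* Assumption: a repository is served only if the directory exists and
 * contains the git-daemon-export-ok marker file. */
enum repo_state classify_repo(const char *dir)
{
	struct stat st;
	char marker[4096];

	if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
		return REPO_MISSING;
	if (snprintf(marker, sizeof(marker), "%s/git-daemon-export-ok", dir)
	    >= (int)sizeof(marker))
		return REPO_MISSING; /* path too long: treat as absent */
	return access(marker, F_OK) == 0 ? REPO_OK : REPO_NOT_EXPORTED;
}

/* Both failure cases start from the same 404 reply; only r.log differs,
 * so a client cannot tell "not exported" from "does not exist". */
struct reply answer_for(const char *dir)
{
	struct reply r = { 404, "Not Found\n", "" };

	switch (classify_repo(dir)) {
	case REPO_OK:
		r.status = 200; /* simplified: the real service would run here */
		r.body = "";
		break;
	case REPO_NOT_EXPORTED:
		snprintf(r.log, sizeof(r.log), "Repository not exported: '%s'", dir);
		break;
	case REPO_MISSING:
		snprintf(r.log, sizeof(r.log), "Not a git repository: '%s'", dir);
		break;
	}
	return r;
}
```

Because the client-visible fields are set once and never touched on either failure path, a later change cannot accidentally make the two cases distinguishable without editing the shared initializer.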