Re: More detailed error message for 403 forbidden.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Wed, Mar 27, 2013 at 12:29:57PM +0900, Yi, EungJun wrote:

> Currently, if user tried to access a git repository via HTTP and it
> fails because the user's permission is not enough to access the
> repository, git client tells that http request failed and the error
> was 403 forbidden.

The situations in which you'll get a 403 depend on how the server is
configured. For instance, on github.com, if you successfully
authenticate but are not authorized to access a repository, you get a
404 (we do this to avoid leaking information about which private
repositories exist). But we do provide a 403 if you try to access the
repository with a non-smart-http client.

So the "403 forbidden" there is not about your account, but about the
method; if git is going to give a more verbose message, it needs to be
careful not to mislead the user.

> It would be much better if git client shows response body which might
> include an explanation of the failure. For example,
> [...]
> $ git clone http://localhost/foo/bar
> error: The requested URL returned error: 403 while accessing
> http://localhost/foo/bar
> remote: User 'me' does not have enough permission to access the repository.
> fatal: HTTP request failed

I agree that is the best way forward, as that means the server is
telling us what is going on, and we are not guessing about the meaning
of the 403.

One problem is that the content body sent along with the error is not
necessarily appropriate for showing to the user (e.g., if it is HTML, it
is probably not a good idea to show it on the terminal). So I think we
would want to only show it when the server has indicated via the
content-type that the message is meant to be shown to the user. I'm
thinking the server would generate something like:

   HTTP/1.1 403 Forbidden
   Content-type: application/x-git-error-message

   User 'me' does not have enough permission to access the repository.

which would produce the example you showed above.

-Peff
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]