Hi, When doing basic authentication using git clone by passing the username and password in the url git clone will first send a GET request without the authorization header set. Am i seeing this right? This means that if the counterpart allows anonymous cloning but not pushing and the user provided a wrong usernam/password, it has two options: 1. Allow the access and leave the user to figure out why he is not able to push. 2. Reply by setting the WWW-Authentication header and see if a password/username is provided. This has the downside that if no username and password is provided the user will still get a login prompt for password and username. Upon entering twice nothing he will still be able to clone. This can be confusing. Can this behaviour of git clone (and I guess all the other parts that do basic auth) be changed to provide the authentication header right on the first request? Or am I doing/interpreting it wrong? Thank you. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html