On 2022-04-26 at 15:57:39, Drew Green via GitGitGadget wrote: > From: agreenbhm <agreenbhm@xxxxxxxxx> > > Added support for environment variable "CURLOPT_CUSTOMREQUEST" > and config option "http.customrequest" to allow setting the Curl > option to override the default request method used by HTTP Git > operations. Primary reason for this is to allow support for > cloning repositories where only GET requests > are allowed by a local web proxy but not POSTs. When cloning > a repo first a GET is made to the server and then a > POST is made to the "git-upload-pack" endpoint. In some > corporate environments with strong controls > only GET requests are allowed to known repository hosts (such > as GitHub) through a web proxy to prevent data leakage. Using this > new setting, a user can set the "CURLOPT_CUSTOMREQUEST=GET" env at runtime > or "http.customrequest = GET" in their config file which will > change the second request from a POST to a GET, bypassing > web proxy restrictions on the type of requests allowed. > Tested with GitHub, changing the request from POST to GET still > results in the expected behavior of the repo successfully being cloned. I don't think this is a good idea. It may happen that GitHub or other servers happen to accept a GET request here, but that is a bug and should be fixed. It is definitely not something we should depend on or rely on, and it isn't a documented part of the protocol. If your corporate environment doesn't allow POST requests, you may wish to use SSH for Git operations instead, or you may need to explain to your company why you cannot do your job with their proxy in place. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
