Include '/a' into HttpScheme URLs to trigger authentication
There are 2 HTTP download schemes, AnonymousHttpScheme and HttpScheme.
Since HttpScheme is not anonymous its URLs should include the '/a'
prefix to trigger user authentication.
Not having the '/a' prefix may lead to problems when a part of the
project is visible to Anonymous Users. In this case authentication is
never triggered. This is because for HTTP the first request is always
anonymous and then the server must say that authentication is
required. Only then the client can send user credrentials. If a
project is (partly) visible to Anonymous Users then the first
anonymous request is always successful and authentication never
happens. If the user is not authenticated refs which are not visible
to Anonymous Users, but for which the user has read access, are not
Signed-off-by: Edwin Kempin <firstname.lastname@example.org>
1 file changed