v2.11.11
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAABAgAGBQJak5tzAAoJEAw69mSf/CECXUMP/1jhP3gcXscicrIDyz06ErYy
9qltMc4hUiJBusjB7WxHYG31O9W4PzuNTPwNrc6mcunf8WGjGJqLqiWt8tseYovt
+gjoWOx4xYy+UYbS+GlKPanxdPmWPTf4hxgqReq0GzhJCc4zm5oAJ40XrPN5NeBK
hsNJ9N16WtEQ88mZTMjXEtBl2Dox2+uwtTiI3LQeCxTmeDpsbK8wkbAcoFyTsVsr
H/sXaw/kD/jPf3Z6lVcKTZf7ZtjWg/JeQ2nEFznJTPnUpivhjmPkeDo8pv9F1Mlf
/gXIIVCYeb0WLTkwHoX9QPoTW96Y2Au30oY6uQkl1hgsx1Myt/4rRWlEDOXV1W1S
rtwdx3XK7ClhjdMr9B4lwEX5TtWd1UGrUs01YuxWlWBU2+/cU/P7YTXCbSzMvq6I
iqo+lUSFvq97HBHB+wRrmncmvtZUrG3ChLAJVgrgPRQRQkvWMSwmQ+oTPHVtQqF5
7dr91UYAP7cOWSrypoN4qF+gLR8VQ5if62b0zhVjX/1zG3rU9BTdmcVdW7OgWeaA
JQnHh3z0p+s8Qt6WgnWZ5Xmve5i2jNrgRIALL8e030DB6bGm0nBrywm/efIqu3ri
m4g+kTgu51zFAGY9q1PbE2d9bU5GUOyF7MUcQcULF2HuQVyAkfwNVWYI/xPPtG/j
DHcFDEVhsOpGWBt6I1Zw
=eQLL
-----END PGP SIGNATURE-----
Include '/a' into HttpScheme URLs to trigger authentication

There are 2 HTTP download schemes, AnonymousHttpScheme and HttpScheme.
Since HttpScheme is not anonymous its URLs should include the '/a'
prefix to trigger user authentication.

Not having the '/a' prefix may lead to problems when a part of the
project is visible to Anonymous Users. In this case authentication is
never triggered. This is because for HTTP the first request is always
anonymous and then the server must say that authentication is
required. Only then the client can send user credrentials. If a
project is (partly) visible to Anonymous Users then the first
anonymous request is always successful and authentication never
happens. If the user is not authenticated refs which are not visible
to Anonymous Users, but for which the user has read access, are not
visible.

Change-Id: Ib16b8184f590a9d9896dbf56bd9e3bbf25d57c76
Signed-off-by: Edwin Kempin <edwin.kempin@sap.com>
1 file changed
tree: d3e09606946cfdcd28e7954ffeb3eaa7cb049f96
  1. .gitignore
  2. BUCK
  3. LICENSE
  4. src/