Skip to content

Fix content download and /verify LFS handler expecting wrong content-type #7015

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 24, 2019
Merged

Fix content download and /verify LFS handler expecting wrong content-type #7015

merged 2 commits into from
May 24, 2019

Conversation

slonopotamus
Copy link
Contributor

@slonopotamus slonopotamus commented May 22, 2019
edited
Loading

Fixes #6960

According to spec, /verify requests must have Accept: application/vnd.git-lfs+json

Previous code works because git-lfs also violates spec and doesn't send any Accept header at all
For other clients that DO set Accept: application/vnd.git-lfs+json, addition of Accept: application/vnd.git-lfs
either forces them to violate the spec or is ignored, depending on order in what they create header list.

@slonopotamus
Fix /verify LFS handler expecting wrong content-type
64c2ec6 
Fixes go-gitea#6960

According to [spec][1], /verify requests must have `Accept: application/vnd.git-lfs+json`

Previous code works because `git-lfs` also [violates spec and doesn't send any Accept header at all][2]
For other clients that DO set `Accept: application/vnd.git-lfs+json`, addition of `Accept: application/vnd.git-lfs`
either forces them to violate the spec or is ignored, depending on order in what they create header list.

[1]: https://github.com/git-lfs/git-lfs/blob/master/docs/api/basic-transfers.md#verification
[2]: git-lfs/git-lfs#3662
@slonopotamus slonopotamus mentioned this pull request May 22, 2019
Closed
@codecov-io
Copy link

codecov-io commented May 22, 2019
edited
Loading

Codecov Report

❗ No coverage uploaded for pull request base (master@61f00bc). Click here to learn what that means.
The diff coverage is 90.9%.

Impacted file tree graph

@@            Coverage Diff            @@
##             master    #7015   +/-   ##
=========================================
  Coverage          ?   41.49%           
=========================================
  Files             ?      441           
  Lines             ?    59504           
  Branches          ?        0           
=========================================
  Hits              ?    24689           
  Misses            ?    31590           
  Partials          ?     3225
Impacted Files Coverage Δ
modules/lfs/server.go 44.13% <90.9%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 61f00bc...87a0cec. Read the comment docs.

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label May 22, 2019
@slonopotamus slonopotamus mentioned this pull request May 22, 2019
Closed
@zeripath zeripath changed the title Fix /verify LFS handler expecting wrong content-type Fix content download and /verify LFS handler expecting wrong content-type May 23, 2019
@zeripath
Copy link
Contributor

OK @slonopotamus I've closed my PR in preference to yours - the only difference I can see is that you're demanding that the lfs-client has to send to /verify with the correct content-type.

(BTW We do use different urls for verify and download. What don't use is different urls for download content vs. meta that is determined by content-type.)

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels May 23, 2019
@zeripath zeripath added this to the 1.9.0 milestone May 23, 2019
@slonopotamus
Copy link
Contributor Author

Btw, git-lfs agreed that it is a bug on their side that they don't set Accept header for verify url and are going to fix it: git-lfs/git-lfs#3663

@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels May 24, 2019
@zeripath zeripath merged commit 844f9a4 into go-gitea:master May 24, 2019
@slonopotamus slonopotamus deleted the patch-1 branch May 24, 2019 21:30
jeffliu27 pushed a commit to jeffliu27/gitea that referenced this pull request Jul 18, 2019
@slonopotamus @jeffliu27
Fix /verify LFS handler expecting wrong content-type (go-gitea#7015)
eeb4532 
Fixes go-gitea#6960

According to [spec][1], /verify requests must have `Accept: application/vnd.git-lfs+json`

Previous code works because `git-lfs` also [violates spec and doesn't send any Accept header at all][2]
For other clients that DO set `Accept: application/vnd.git-lfs+json`, addition of `Accept: application/vnd.git-lfs`
either forces them to violate the spec or is ignored, depending on order in what they create header list.

[1]: https://github.com/git-lfs/git-lfs/blob/master/docs/api/basic-transfers.md#verification
[2]: git-lfs/git-lfs#3662
@go-gitea go-gitea locked and limited conversation to collaborators Nov 24, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. type/bug
Projects
None yet
Milestone
1.9.0
Development

Successfully merging this pull request may close these issues.

Gitea attempts to replace Accept header for LFS requests
5 participants
@slonopotamus @codecov-io @zeripath @lafriks @GiteaBot