mirror of
https://codeberg.org/git-pages/git-pages.git
synced 2026-06-10 13:30:49 +00:00
Add a comment on threat model (lack thereof) for Basic-Auth:.
V12-Ref: F-77238, F-77261
This commit is contained in:
@@ -237,6 +237,8 @@ func ApplyHeaderRules(manifest *Manifest, url *url.URL) (
|
||||
return
|
||||
}
|
||||
|
||||
// Note that `Basic-Auth:` is not a security mechanism; it is provided on a best-effort basis
|
||||
// and not expected to be resistant against malicious misuse.
|
||||
func ApplyBasicAuthRules(manifest *Manifest, url *url.URL, r *http.Request) (bool, error) {
|
||||
if rule := matchPathRules(manifest.BasicAuth, url); rule == nil {
|
||||
// no matches, authorized by default
|
||||
|
||||
Reference in New Issue
Block a user