Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Turning on basic auth with HttpAuth Module no longer allows pushing in v0.2x #21

Closed
ferventcoder opened this issue Jan 11, 2018 · 1 comment
Closed

Turning on basic auth with HttpAuth Module no longer allows pushing in v0.2x #21

ferventcoder opened this issue Jan 11, 2018 · 1 comment
Assignees
@ferventcoder
Labels
bug
Milestone
0.2.2

Comments

@ferventcoder
Copy link
Contributor

ferventcoder commented Jan 11, 2018
edited
Loading

Let's look to use verbs in authorization and simplify the paths.
@ferventcoder ferventcoder added this to the 0.2.2 milestone Jan 11, 2018
@ferventcoder ferventcoder self-assigned this Jan 11, 2018
@ferventcoder ferventcoder changed the title Authorization turned on does not allow pushing (v0.2.0+) Turning on basic auth through httpAuth module does not allow pushing (v0.2.0+) Jan 11, 2018
@ferventcoder
Copy link
Contributor Author

This will be released in v0.2.2

@ferventcoder ferventcoder changed the title Turning on basic auth through httpAuth module does not allow pushing (v0.2.0+) Turning on basic auth with HttpAuth Module no longer allows pushing in v0.2x Jan 11, 2018
ferventcoder added a commit that referenced this issue Jan 11, 2018
@ferventcoder
(GH-21) Fix: Turning on auth does not allow push
6d7c5cd 
Use verbs to specify that PUT and POST are still allowed, but any other
verbs would fall into the deny rule. As the rules are evaluated in
order, a PUT and POST would be allowed and the deny rule would apply to
all other requests.

Simplify the security aspects by removing other location paths as they
are no longer necessary given this is a solution that works for the
entire site.

Given this change, it means that even the top level url will not be
accessible without credentials, further securing down the site.
ferventcoder added a commit that referenced this issue Jan 11, 2018
@ferventcoder
(GH-21) Provide auth instructions
df1fd04 
Update the instructions to give all steps required to turn on basic
auth using the HttpAuth module. With the simplifications it could be a
matter of two touchpoints in the config file to be protected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ferventcoder ferventcoder

Labels
bug
Projects
None yet
Milestone
0.2.2
Development

No branches or pull requests
1 participant
@ferventcoder