From ab05d5d881d60fe5342af8607e7ef14b0e6fa7ed Mon Sep 17 00:00:00 2001 From: Andrew Thornton Date: Mon, 20 May 2019 20:42:14 +0100 Subject: [PATCH 1/3] Fix #6960 - drop content-type header --- modules/lfs/server.go | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/lfs/server.go b/modules/lfs/server.go index 8ae6326842930..233b911179213 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -22,8 +22,7 @@ import ( ) const ( - contentMediaType = "application/vnd.git-lfs" - metaMediaType = contentMediaType + "+json" + metaMediaType = "application/vnd.git-lfs+json" ) // RequestVars contain variables from the HTTP request. Variables from routing, json body decoding, and @@ -385,7 +384,6 @@ func Represent(rv *RequestVars, meta *models.LFSMetaObject, download, upload boo } header := make(map[string]string) - header["Accept"] = contentMediaType if rv.Authorization == "" { //https://github.com/github/git-lfs/issues/1088 @@ -415,7 +413,7 @@ func Represent(rv *RequestVars, meta *models.LFSMetaObject, download, upload boo func ContentMatcher(r macaron.Request) bool { mediaParts := strings.Split(r.Header.Get("Accept"), ";") mt := mediaParts[0] - return mt == contentMediaType + return mt != metaMediaType } // MetaMatcher provides a mux.MatcherFunc that only allows requests that contain From b56bbd1a8f7e2f036a3730b7afb99986a5fc20ec Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 22 May 2019 07:30:26 +0100 Subject: [PATCH 2/3] As per slonopotamus --- modules/lfs/server.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/modules/lfs/server.go b/modules/lfs/server.go index 233b911179213..b7728b4e9992c 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -100,10 +100,8 @@ func ObjectOidHandler(ctx *context.Context) { getMetaHandler(ctx) return } - if ContentMatcher(ctx.Req) || len(ctx.Params("filename")) > 0 { - getContentHandler(ctx) - return - } + getContentHandler(ctx) + return } else if ctx.Req.Method == "PUT" && ContentMatcher(ctx.Req) { PutHandler(ctx) return @@ -347,7 +345,7 @@ func VerifyHandler(ctx *context.Context) { return } - if !ContentMatcher(ctx.Req) { + if !MetaMatcher(ctx.Req) { writeStatus(ctx, 400) return } @@ -402,6 +400,7 @@ func Represent(rv *RequestVars, meta *models.LFSMetaObject, download, upload boo if upload && !download { // Force client side verify action while gitea lacks proper server side verification + header["Accept"] = metaMediaType rep.Actions["verify"] = &link{Href: rv.VerifyLink(), Header: header} } From 63f21d51a45649d26970447071b30f66bdf3da07 Mon Sep 17 00:00:00 2001 From: zeripath Date: Wed, 22 May 2019 14:10:09 +0100 Subject: [PATCH 3/3] Drop checking content-type on verify also ensure header map is unique for verify --- modules/lfs/server.go | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/modules/lfs/server.go b/modules/lfs/server.go index b7728b4e9992c..b9f3bbd5f4bd5 100644 --- a/modules/lfs/server.go +++ b/modules/lfs/server.go @@ -345,11 +345,6 @@ func VerifyHandler(ctx *context.Context) { return } - if !MetaMatcher(ctx.Req) { - writeStatus(ctx, 400) - return - } - rv := unpack(ctx) meta, _ := getAuthenticatedRepoAndMeta(ctx, rv, true) @@ -400,8 +395,12 @@ func Represent(rv *RequestVars, meta *models.LFSMetaObject, download, upload boo if upload && !download { // Force client side verify action while gitea lacks proper server side verification - header["Accept"] = metaMediaType - rep.Actions["verify"] = &link{Href: rv.VerifyLink(), Header: header} + verifyHeader := make(map[string]string) + for k, v := range header { + verifyHeader[k] = v + } + verifyHeader["Accept"] = metaMediaType + rep.Actions["verify"] = &link{Href: rv.VerifyLink(), Header: verifyHeader} } return rep