# HG changeset patch
# User Gregory Szorc
# Date 1521829213 25200
# Node ID db114320df7ee744047fe9a92a01afc40f9d0e87
# Parent ef6215df240276aecb51390ce7e0021cd78c2ee5
hgweb: don't responsd to api requests unless feature is enabled
Per discussion at https://phab.mercurial-scm.org/D2834, new URLs in hgweb can conflict with subrepos and virtual repos. This may prevent access to repos in certain paths or having certain names. Until we have a workaround for this, let's not serve requests for "api/" URLs unless the feature is enabled.
Differential Revision: https://phab.mercurial-scm.org/D2936
diff -r ef6215df2402 -r db114320df7e mercurial/hgweb/hgweb_mod.py
--- a/mercurial/hgweb/hgweb_mod.py Fri Mar 23 11:20:49 2018 -0700
+++ b/mercurial/hgweb/hgweb_mod.py Fri Mar 23 11:20:13 2018 -0700
@@ -321,8 +321,11 @@
 res.headers['Content-Security-Policy'] = rctx.csp
 
 # /api/* is reserved for various API implementations. Dispatch
- # accordingly.
- if req.dispatchparts and req.dispatchparts[0] == b'api':
+ # accordingly. But URL paths can conflict with subrepos and virtual
+ # repos in hgwebdir. So until we have a workaround for this, only
+ # expose the URLs if the feature is enabled.
+ apienabled = rctx.repo.ui.configbool('experimental', 'web.apiserver')
+ if apienabled and req.dispatchparts and req.dispatchparts[0] == b'api':
 wireprotoserver.handlewsgiapirequest(rctx, req, res,
 self.check_perm)
 return res.sendresponse()
diff -r ef6215df2402 -r db114320df7e tests/test-http-api.t
--- a/tests/test-http-api.t Fri Mar 23 11:20:49 2018 -0700
+++ b/tests/test-http-api.t Fri Mar 23 11:20:13 2018 -0700
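Review bot: The `apienabled` gate added in front of the `b'api'` dispatch in hgweb_mod.py is described by its own comment as temporary ("until we have a workaround"), so it should be documented that it must not become the only check guarding the experimental API. The 404 "Experimental API server endpoint not enabled" response in the removed test expectations suggests `handlewsgiapirequest` performs its own `web.apiserver` check, but that function is not visible here, so this is inferred. A comment such as `# handlewsgiapirequest() re-checks web.apiserver; keep that check if this gate is ever removed` would make the dependency explicit. As a smaller style point, testing `req.dispatchparts` first and reading the config only for `api` paths would avoid a config lookup on every request. The enclosing method starts and ends outside this hunk.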
@@ -8,43 +8,133 @@ Request to /api fails unless web.apiserver is enabled - $ send << EOF - > httprequest GET api - > user-agent: test - > EOF - using raw connection to peer - s> GET /api HTTP/1.1\r\n - s> Accept-Encoding: identity\r\n - s> user-agent: test\r\n - s> host: $LOCALIP:$HGPORT\r\n (glob) - s> \r\n - s> makefile('rb', None) - s> HTTP/1.1 404 Not Found\r\n - s> Server: testing stub value\r\n - s> Date: $HTTP_DATE$\r\n - s> Content-Type: text/plain\r\n - s> Content-Length: 44\r\n - s> \r\n - s> Experimental API server endpoint not enabled + $ get-with-headers.py $LOCALIP:$HGPORT api + 400 no such method: api + + + + + + + + + + $TESTTMP/server: error + + + +
+ + +
+ + +

error

+ + + + +
+

+ An error occurred while processing your request: +

+

+ no such method: api +

+
+
+
+ + + + + + + [1] - $ send << EOF - > httprequest GET api/ - > user-agent: test - > EOF - using raw connection to peer - s> GET /api/ HTTP/1.1\r\n - s> Accept-Encoding: identity\r\n - s> user-agent: test\r\n - s> host: $LOCALIP:$HGPORT\r\n (glob) - s> \r\n - s> makefile('rb', None) - s> HTTP/1.1 404 Not Found\r\n - s> Server: testing stub value\r\n - s> Date: $HTTP_DATE$\r\n - s> Content-Type: text/plain\r\n - s> Content-Length: 44\r\n - s> \r\n - s> Experimental API server endpoint not enabled + $ get-with-headers.py $LOCALIP:$HGPORT api/ + 400 no such method: api + + + + + + + + + + $TESTTMP/server: error + + + +
+ + +
+ + +

error

+ + + + +
+

+ An error occurred while processing your request: +

+

+ no such method: api +

+
+
+
+ + + + + + + [1] Restart server with support for API server