mirror of
https://github.com/go-gitea/gitea.git
synced 2026-03-18 22:22:24 -05:00
Username in HTTPS clone URL #1135
Closed
opened 2025-11-02 03:49:41 -06:00 by GiteaMirror
·
18 comments
No Branch/Tag Specified
main
release/v1.25
release/v1.24
release/v1.23
release/v1.22
release/v1.21
release/v1.20
release/v1.19
release/v1.18
release/v1.17
release/v1.16
release/v1.15
release/v1.14
release/v1.13
release/v1.12
release/v1.11
release/v1.10
release/v1.9
release/v1.8
v1.25.3
v1.25.2
v1.25.1
v1.25.0
v1.24.7
v1.25.0-rc0
v1.26.0-dev
v1.24.6
v1.24.5
v1.24.4
v1.24.3
v1.24.2
v1.24.1
v1.24.0
v1.23.8
v1.24.0-rc0
v1.25.0-dev
v1.23.7
v1.23.6
v1.23.5
v1.23.4
v1.23.3
v1.23.2
v1.23.1
v1.23.0
v1.23.0-rc0
v1.24.0-dev
v1.22.6
v1.22.5
v1.22.4
v1.22.3
v1.22.2
v1.22.1
v1.22.0
v1.23.0-dev
v1.22.0-rc1
v1.21.11
v1.22.0-rc0
v1.21.10
v1.21.9
v1.21.8
v1.21.7
v1.21.6
v1.21.5
v1.21.4
v1.21.3
v1.21.2
v1.20.6
v1.21.1
v1.21.0
v1.21.0-rc2
v1.21.0-rc1
v1.20.5
v1.22.0-dev
v1.21.0-rc0
v1.20.4
v1.20.3
v1.20.2
v1.20.1
v1.20.0
v1.19.4
v1.21.0-dev
v1.20.0-rc2
v1.20.0-rc1
v1.20.0-rc0
v1.19.3
v1.19.2
v1.19.1
v1.19.0
v1.19.0-rc1
v1.20.0-dev
v1.19.0-rc0
v1.18.5
v1.18.4
v1.18.3
v1.18.2
v1.18.1
v1.18.0
v1.17.4
v1.18.0-rc1
v1.19.0-dev
v1.18.0-rc0
v1.17.3
v1.17.2
v1.17.1
v1.17.0
v1.17.0-rc2
v1.16.9
v1.17.0-rc1
v1.18.0-dev
v1.16.8
v1.16.7
v1.16.6
v1.16.5
v1.16.4
v1.16.3
v1.16.2
v1.16.1
v1.16.0
v1.15.11
v1.17.0-dev
v1.16.0-rc1
v1.15.10
v1.15.9
v1.15.8
v1.15.7
v1.15.6
v1.15.5
v1.15.4
v1.15.3
v1.15.2
v1.15.1
v1.14.7
v1.15.0
v1.15.0-rc3
v1.14.6
v1.15.0-rc2
v1.14.5
v1.16.0-dev
v1.15.0-rc1
v1.14.4
v1.14.3
v1.14.2
v1.14.1
v1.14.0
v1.13.7
v1.14.0-rc2
v1.13.6
v1.13.5
v1.14.0-rc1
v1.15.0-dev
v1.13.4
v1.13.3
v1.13.2
v1.13.1
v1.13.0
v1.12.6
v1.13.0-rc2
v1.14.0-dev
v1.13.0-rc1
v1.12.5
v1.12.4
v1.12.3
v1.12.2
v1.12.1
v1.11.8
v1.12.0
v1.11.7
v1.12.0-rc2
v1.11.6
v1.12.0-rc1
v1.13.0-dev
v1.11.5
v1.11.4
v1.11.3
v1.10.6
v1.12.0-dev
v1.11.2
v1.10.5
v1.11.1
v1.10.4
v1.11.0
v1.11.0-rc2
v1.10.3
v1.11.0-rc1
v1.10.2
v1.10.1
v1.10.0
v1.9.6
v1.9.5
v1.10.0-rc2
v1.11.0-dev
v1.10.0-rc1
v1.9.4
v1.9.3
v1.9.2
v1.9.1
v1.9.0
v1.9.0-rc2
v1.10.0-dev
v1.9.0-rc1
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.8.0-rc3
v1.7.6
v1.8.0-rc2
v1.7.5
v1.8.0-rc1
v1.9.0-dev
v1.7.4
v1.7.3
v1.7.2
v1.7.1
v1.7.0
v1.7.0-rc3
v1.6.4
v1.7.0-rc2
v1.6.3
v1.7.0-rc1
v1.7.0-dev
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc2
v1.5.3
v1.6.0-rc1
v1.6.0-dev
v1.5.2
v1.5.1
v1.5.0
v1.5.0-rc2
v1.5.0-rc1
v1.5.0-dev
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.4.0-rc3
v1.4.0-rc2
v1.3.3
v1.4.0-rc1
v1.3.2
v1.3.1
v1.3.0
v1.3.0-rc2
v1.3.0-rc1
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.2.0-rc3
v1.2.0-rc2
v1.1.4
v1.2.0-rc1
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0.0
v0.9.99
Labels
Clear labels
$20
$250
$50
$500
backport/done
💎 Bounty
docs-update-needed
good first issue
hacktoberfest
issue/bounty
issue/confirmed
issue/critical
issue/duplicate
issue/needs-feedback
issue/not-a-bug
issue/regression
issue/stale
issue/workaround
lgtm/need 2
modifies/api
modifies/translation
outdated/backport/v1.18
outdated/theme/markdown
outdated/theme/timetracker
performance/bigrepo
performance/cpu
performance/memory
performance/speed
pr/breaking
proposal/accepted
proposal/rejected
pr/wip
pull-request
reviewed/wontfix
💰 Rewarded
skip-changelog
status/blocked
topic/accessibility
topic/api
topic/authentication
topic/build
topic/code-linting
topic/commit-signing
topic/content-rendering
topic/deployment
topic/distribution
topic/federation
topic/gitea-actions
topic/issues
topic/lfs
topic/mobile
topic/moderation
topic/packages
topic/pr
topic/projects
topic/repo
topic/repo-migration
topic/security
topic/theme
topic/ui
topic/ui-interaction
topic/ux
topic/webhooks
topic/wiki
type/bug
type/deprecation
type/docs
type/enhancement
type/feature
type/miscellaneous
type/proposal
type/question
type/refactoring
type/summary
type/testing
type/upstream
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
No Assignees
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: github-starred/gitea#1135
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @silverwind on GitHub (Oct 9, 2017).
Two ideas regarding HTTP(s) clone URLs:
https://user@hostname/anotheruser/project. This is important on older git clients (1.x) which do not prompt for a username when a 403 response is received (They just spew the error and exit). On newer git clients, this saves one from typing the username.2) Obtain the protocol via JS fromlocation.protocolinstead of the current hard-codedhttps://. This is useful for cases when gitea is reachable via HTTP but not HTTPS. Another, possibly less reliable option could be to check aX-Forwarded-Protoheader on the server.@Morlinest commented on GitHub (Oct 9, 2017):
About second point. Protocol is not hardcoded.
setting.AppURLis used.@silverwind commented on GitHub (Oct 9, 2017):
Right, but that won't cover the case when one wants to offer both HTTP and HTTPS. It's a rare case but it could be nicely covered by just taking the current protocol from the browser via JS, with a fallback to the AppURL setting when JS is disabled.
@Morlinest commented on GitHub (Oct 9, 2017):
When do you use both at the same time? If you access gitea web on
http://it will behttp, if onhttps://it will behttps. As protocol is part ofApiURLwe would need to implement it other way for everything and in setup we would have to include something like "allowed protocols".@Morlinest commented on GitHub (Oct 9, 2017):
In other words, if gitea is reachable via HTTP, it will be
httpand if via HTTPS it will behttps. Maybe you want to be able to reach gitea on both ports, not when:Right?
@lafriks commented on GitHub (Oct 10, 2017):
There are people using gitea without javascript
@daviian commented on GitHub (Oct 10, 2017):
Why would someone prefer HTTP if HTTPS is available?
If HTTPS is not available http:// is shown anyway.
@silverwind commented on GitHub (Oct 12, 2017):
They probably shouldn't from a security standpoint. If security is of no concern, HTTP generally performs better than HTTPS because of less protocol overhead. Also, I once had case where I could reach HTTP but not HTTPS because of a broken firewall that wasn't under my control. But generally, I agree, HTTPS should be preferred and people who know what they're doing will just change the URL manually after copying it.
Any objections to my first suggestion of including the username in the HTTPS clone URL? I can't think of a downside to it. Less typing and more compatible with git 1.x.
@lafriks commented on GitHub (Oct 12, 2017):
If it has no compatibility issues than I have nothing against first suggestion but that can be done only for private repositories
@silverwind commented on GitHub (Oct 12, 2017):
I have non-private repositories that also require authentication. IIRC, the
REQUIRE_SIGNIN_VIEWallows this configuration. I think the check whether to include the username could beif (repo.private || REQUIRE_SIGNIN_VIEW)(pseudocode).@Morlinest commented on GitHub (Oct 12, 2017):
You can add username only if user is logged. This feature can be added, but not as default.
@silverwind commented on GitHub (Oct 12, 2017):
Yes, of course, that would be anther condition, thought I doubt any of the two above conditions can be true when the user is not logged in.
@namadori commented on GitHub (Jul 4, 2018):
Hi there. I'd like the capability of accessing a specific file including credentials in the URL (e.g. https://user:pass@gitea.server.com/org/proj/raw/branch/master/templates/templates.json ).
That would be useful to host configuration files for other applications that does not support authentication.
Is this included in point 1 from @silverwind ? Any updates in that direction from last october?
@ptman commented on GitHub (Jul 4, 2018):
@namadori Wouldn't it be possible to have a server (apache, nginx, ...) in front of gitea handle basic auth and then pass the authenticated user to gitea in an HTTP header?
REVERSE_PROXY_AUTHENTICATION_USERin config.@stale[bot] commented on GitHub (Jan 20, 2019):
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you for your contributions.
@silverwind commented on GitHub (Feb 20, 2020):
Copying suggestion for username in HTTP(s) clone URL from #10381 here for visibility:
@silverwind commented on GitHub (Feb 21, 2020):
Updated issue title. Regarding dynamic protocol mentioned in OP, I think we can do without as HTTPS is ubiquitous so multi-protocol is likely rarely needed these days.
@eta-orionis commented on GitHub (Aug 17, 2020):
I agree, there should be an option to include the logged-in username in the HTTPS link.
It was a painful day for me today moving repositories from a legacy system and pushing to gitea. (Git 2.28 on a Mac, with the git credentials helper.) I have two accounts, so there were two different credentials for the same server saved in git. Without a username in the URL git was pushing using whatever credentials it happened to pick first, thus failing miserably all the time.
@silverwind commented on GitHub (Dec 18, 2020):
I think actually this is not ideal because it means one has to put their password to actually clone and basic auth cloning is something even GitHub will soon forbid. We should just encourage users to use app tokens to clone and this is what I do today exclusively.