On 11/02/2012 09:50 AM, Mark Phippard wrote:
> On Fri, Nov 2, 2012 at 4:13 AM, Ivan Zhakov <i...@visualsvn.com> wrote:
>> Looking forward for your review. Thanks!
>
> + /* Build a Public Resource uri representing repository root. */
> + uri = svn_urlpath__join(dav_svn__get_root_dir(r),
> + svn_path_uri_encode(repos_name, pool), pool);
> +
> + /* Check if GET would work against this uri. */
> + subreq = ap_sub_req_method_uri("GET", uri, r, r->output_filters);
>
> Just a drive-by, so if I am way-off just say so.
>
> I am assuming that since this is doing a GET, the server will have to
> fully process it as if it would for a web browser making the same
> request. So on a repository like the ASF or Wordpress where there are
> a lot of top level folders then the server might have to do a fair
> amount of work to process the request and return. I assume we do not
> care about the content of the response, just the success or failure.
>
> So I am just wondering if there is a lighter weight HTTP request we
> could do that would still trigger the authz check? Something like
> OPTIONS or PROPFIND. Whatever would make sense and be quick to
> process.I think HEAD[1] request would be the appropriate request here. (And I wonder, in retrospect, why we aren't using it for our regular in-repos path-based authz...) -- C-Mike [1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html#sec9.4 -- C. Michael Pilato <cmpil...@collab.net> CollabNet <> www.collab.net <> Enterprise Cloud Development
signature.asc
Description: OpenPGP digital signature
