On Sun, 23 Jun 2024 at 16:17, Tobias Klausmann <klaus...@schwarzvogel.de> wrote:
> Hi! > > On https://pkg.go.dev/cmd/go#hdr-Remote_import_paths, in the section > about using meta tags to redirect from some domain to a known forge, it > says: > > > For example, > > > > `import "example.org/pkg/foo"` > > > > will result in the following requests: > > > > `https://example.org/pkg/foo?go-get=1` > <https://example.org/pkg/foo?go-get=1> > > > > If that page contains the meta tag > > > > `<meta name="go-import" content="example.org git > https://code.org/r/p/exproj";>` > > > > the go tool will verify that https://example.org/?go-get=1 contains > > the same meta tag and then git clone https://code.org/r/p/exproj into > > GOPATH/src/example.org. > > This is confusing me. I get that https://example.org/pkg/foo?go-get=1 > should have a meta tag of this form: > > ``` > <meta name="go-import" content="example.org git > https://code.org/r/p/exproj";> > ``` > > But what meta tag should the / page have? The same? Then just doing this > with static files (which I vastly prefer) is not possible. Most web servers automatically serve an `index.html` for a request to a directory. The intent is to use something like that. Though note that you can also use a fuller path: That is, if your git-repo is at ` https://code.org/r/exproj` and has import path `example.com/exproj`, you can host a single HTML file at `example.com/exproj` containing `<meta name="go-import" content="example.org/exproj git https://code.org/r/p/exproj";>` (I believe). It's also unclear what purpose this has (or why the request to /pkg/foo is > made). > The Request to `/pkg/foo` is made, because the Go tool does not know whether the repository root (today probably the module path) is at the import path referred to as `example.com/pkg/foo`, `example.com/pkg` (and the wanted package is in the folder `foo` of that repo) or `example.com` (and the wanted package is in the folder `pkg/foo` of that repo). Making the deepest request first is intended to answer that question. I'm not entirely certain what the purpose of the second request is. My guess is, that it is to prevent some form of hijacking, but how exactly that would work, I'm not sure off the top of my hat. > > Can anybody shed some light? > > Best, > Tobias > > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/golang-nuts/a0a7d30f-8e83-4769-8e03-dd57a76a8a88%40skade.local > . > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/CAEkBMfGM-ArvDixPmPpOYXB-87V_XYAKqhuAEd6FOA-PeHLPkw%40mail.gmail.com.
