Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
TLDR Problem:
If the
Authorization
HTTP header is already configured via the (local) Git config for the domain where the LFS files are pulled from, Git LFS will send twoAuthorization
HTTP headers, which constitutes and invalid HTTP request and is answered with a 400 Bad Request response by most HTTP servers.TLDR Solution:
Make sure that there is always at most one
Authorization
header, when in doubt, Git LFS should override the local Git config.I have a problem checking out Git LFS files in Gitea Actions using the
actions/checkout@v4
action on my own server.The Action configures the
Authorization
HTTP header for the base URL from where the repository is cloned.The LFS files are served from the very same base URL.
When I run
git lfs pull
, git-lfs sets theAuthorization
header on its own, but then copies the extra HTTP headers from the Git config.The Gitea server itself accepts these malformed HTTP requests.
However I am running the Gitea server behind an NGINX reverse proxy, which rejects these requests and does not forward them.
On Github the same error can be forced by cloning a private repository, and having the
Authorization
header configured forhttps://lfs.github.com
, but why would anyone do this?