Access to package repository is public with REQUIRE_SIGNIN_VIEW #20863
Labels
Milestone
Comments
|
Related to: #20100 Which was closed |
wxiaoguang
added a commit
that referenced
this issue
Sep 21, 2022
Fix #20863 When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
Wait for backport |
KN4CK3R
added a commit
to KN4CK3R/gitea
that referenced
this issue
Sep 21, 2022
Fix go-gitea#20863 When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Hello there,
we have a gitea instance hosted to which we enabled the following in the app.ini:
This setting is supposed to make access to the instance non public, i. e. even with public repositories, you can only see them after you signed in.
The new package repository feature introduced in 1.7.0 does not honor this setting - all packages hosted on a public repository on a view protected instance can be downloaded without signing in.
(I can't reproduce on demo site as I have no possibility to make changes to its configuration)
Gitea Version
1.7.0
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
2.7.4
Operating System
Ubuntu 20.04
How are you running Gitea?
Used the precompiled version from the releases page.
Database
MySQL
The text was updated successfully, but these errors were encountered: