mirror of
https://github.com/freedombox/FreedomBox.git
synced 2026-01-28 08:03:36 +00:00
3001099cda
When using git-http-backend, both URLs ending with and without .git are allowed. However, access restriction has only be applied for URLs ending with .git. This means that private git repositories are clone-able by anonymous users by removing the .git suffix in the URLs. Fix the issue by extending the access restriction to cover URLs not ending with .git. Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>