Issue 2595: Add ability for anonymous users to be prompted for credentials on gitweb.
Status:  Released
Owner: ----
Closed:  Oct 2014
Reported by jamestn...@gmail.com, Apr 8, 2014
************************************************************
***** NOTE: THIS BUG TRACKER IS FOR GERRIT CODE REVIEW *****
***** DO NOT SUBMIT BUGS FOR CHROME, ANDROID, INTERNAL *****
***** ISSUES WITH YOUR COMPANY'S GERRIT SETUP, ETC.    *****
***** THOSE ISSUE BELONG IN DIFFERENT ISSUE TRACKERS!  *****
************************************************************

Affected Version:

What steps will reproduce the problem?
1. creat a project foo with no anonymous access
2. login to gerrit and navigate to gitweb for that project https://server/gitweb?p=foo.git;a=summary
3. verify the link works
4. return to gerrit and logot
5. navigate to https://server/gitweb?p=foo.git;a=summary


What is the expected output? What do you see instead?

I expect to be prompted for credentials

what I get is a 404 page.

Please provide any additional information below.

this is correctly to prevent informmation leaking (about projects that exist).
However Gerrit itself does not prevent this leakage when cloning a project.

It should also be possible to prompt for authentication regardless of if the project (resource) existed or not - thereby providing this functionality without any information leak.

That is you should only send a 404 for authenticated users.
anonymous requests for https://server/gitweb?p=doesnotexists.git;a=summary should also result in a http 401 status code.

Apr 8, 2014
Project Member #1 david.pu...@sonymobile.com
https://gerrit-review.googlesource.com/#/c/55813/
Status: ChangeUnderReview
Jun 23, 2014
Project Member #2 edwin.ke...@gmail.com
(No comment was entered for this change.)
Labels: FixedIn-2.10
Oct 8, 2014
Project Member #3 huga...@gmail.com
(No comment was entered for this change.)
Status: Submitted
Jan 27, 2015
Project Member #4 ziv...@gmail.com
(No comment was entered for this change.)
Status: Released