httppostargs=true for Kallithea

Ansis Māliņš ansis.malins at gmail.com
Mon Oct 11 17:32:26 UTC 2021


I've been looking at Kallithea as something better than plain hgweb. I set
up an instance and imported a copy of my repository and tried to clone it.
The Mercurial client hung in the process. From the Nginx logs I fished out
a 400 code that Kallithea passed in response to the batch request from the
client.

Regarding limits, I already removed or raised all the limits in my Nginx
reverse proxy years ago when I first encountered header size issues, but
the repository grew and grew until hgweb itself started falling over.
People over at the Mercurial IRC channel suggested httppostargs=true, and
that saved me. What httppostargs seems to do is make all requests POST
requests.

Are you suggesting that I should be able to just add
baseui.setconfig(b'experimental', b'httppostargs', True)
in make_ui in utils.py and get httppostargs working at the expense of
breaking read permissions? Looking at simplehg.py, it looks like it would
need to be changed to detect the X-HgArgs-Post header (see
wireprotocol.txt) and read args from the right place, otherwise
parsed_request.action = None, which leads to
raise webob.exc.HTTPBadRequest('Unable to detect pull/push action for %r!
Are you using a nonstandard command or client?' % parsed_request.repo_name)

https://www.mercurial-scm.org/repo/hg/file/tip/mercurial/helptext/internals/wireprotocol.txt


On Mon, Oct 11, 2021 at 3:40 PM Mads Kiilerich <mads at kiilerich.com> wrote:

> Hi
>
> In what way do you experience that it doesn't work with Kallithea?
>
> Kallithea implements a custom wrapper around hgweb. Mainly to provide
> integrated hosting with correct access control. It is a basic assumption
> that reads are with GET and writes are with POST.
>
> Without being told more about how httppostargs works / fails (and without
> spending time investigating) I would assume that it works fine for users
> with write access to repositories.
>
> A more fine grained separation would require some refactorings ... and a
> risk of getting it wrong and introducing security issues.
>
> If I remember correctly, the Mercurial client also has a max limit of how
> large headers it will send. But mainly: For most web servers it is possible
> to adjust the header limit to work with most repositories. That is
> apparently also possible with IIS, even if that is one of your constraints.
> Does that not work for you? Else, I would suggest using another web server,
> preferably on unix.
>
> /Mads
>
>
>
> On 10/11/21 15:16, Ansis Māliņš wrote:
>
> Hello. I would really like to use Kallithea, but there's a deal breaker:
> Kallithea does not support httppostargs=true, an almost undocumented
> setting that switches Mercurial to sending heads and largefile hashes as
> POST requests instead of in headers. I've looked at the source code, and it
> seems Kallithea implements it's own version of hgweb. How hard would it be
> to add support for httppostargs? I'm willing to put in the work if I
> receive some guidance. The extent of my Python experience is writing
> Mercurial hooks and simple Discord bots.
>
> httppostargs:
>
> https://www.mercurial-scm.org/wiki/HgWebInIisOnWindows#I.27m_getting_an_HTTP_400:_Bad_request_error._What.27s_going_on.3F
>
> _______________________________________________
> kallithea-general mailing listkallithea-general at sfconservancy.orghttps://lists.sfconservancy.org/mailman/listinfo/kallithea-general
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sfconservancy.org/pipermail/kallithea-general/attachments/20211011/ab10f086/attachment.html>


More information about the kallithea-general mailing list