HomePhorge

Improve consistency of file access policies, particularly for LFS

Description

Improve consistency of file access policies, particularly for LFS

Summary:
Ref T7789. Currently, we use different viewers if you have security.alternate-file-domain configured vs if you do not.

This is largely residual from the days of one-time-tokens, and can cause messy configuration-dependent bugs like the one in T7789#172057.

Instead, always use the omnipotent viewer. Knowledge of the secret key alone is sufficient to access a file.

Test Plan:

  • Disabled security.alternate-file-domain.
  • Reproduced an issue similar to the one described on T7789.
  • Applied change.
  • Clean LFS interaction.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T7789

Differential Revision: https://secure.phabricator.com/D15784

Details

Provenance
epriestleyAuthored on Apr 22 2016, 4:40 AM
themackabuPushed on Mar 25 2025, 8:07 PM
Parents
rP711f13660e54: Synchronize working copies before doing a "bypassCache" commit read
Branches
Unknown
Tags
Unknown

Event Timeline