Documentation / technical / http-protocol.txton commit Merge branch 'kn/ref-filter-branch-list' (8d3abea)
   1HTTP transfer protocols
   2=======================
   3
   4Git supports two HTTP based transfer protocols.  A "dumb" protocol
   5which requires only a standard HTTP server on the server end of the
   6connection, and a "smart" protocol which requires a Git aware CGI
   7(or server module).  This document describes both protocols.
   8
   9As a design feature smart clients can automatically upgrade "dumb"
  10protocol URLs to smart URLs.  This permits all users to have the
  11same published URL, and the peers automatically select the most
  12efficient transport available to them.
  13
  14
  15URL Format
  16----------
  17
  18URLs for Git repositories accessed by HTTP use the standard HTTP
  19URL syntax documented by RFC 1738, so they are of the form:
  20
  21  http://<host>:<port>/<path>?<searchpart>
  22
  23Within this documentation the placeholder `$GIT_URL` will stand for
  24the http:// repository URL entered by the end-user.
  25
  26Servers SHOULD handle all requests to locations matching `$GIT_URL`, as
  27both the "smart" and "dumb" HTTP protocols used by Git operate
  28by appending additional path components onto the end of the user
  29supplied `$GIT_URL` string.
  30
  31An example of a dumb client requesting for a loose object:
  32
  33  $GIT_URL:     http://example.com:8080/git/repo.git
  34  URL request:  http://example.com:8080/git/repo.git/objects/d0/49f6c27a2244e12041955e262a404c7faba355
  35
  36An example of a smart request to a catch-all gateway:
  37
  38  $GIT_URL:     http://example.com/daemon.cgi?svc=git&q=
  39  URL request:  http://example.com/daemon.cgi?svc=git&q=/info/refs&service=git-receive-pack
  40
  41An example of a request to a submodule:
  42
  43  $GIT_URL:     http://example.com/git/repo.git/path/submodule.git
  44  URL request:  http://example.com/git/repo.git/path/submodule.git/info/refs
  45
  46Clients MUST strip a trailing `/`, if present, from the user supplied
  47`$GIT_URL` string to prevent empty path tokens (`//`) from appearing
  48in any URL sent to a server.  Compatible clients MUST expand
  49`$GIT_URL/info/refs` as `foo/info/refs` and not `foo//info/refs`.
  50
  51
  52Authentication
  53--------------
  54
  55Standard HTTP authentication is used if authentication is required
  56to access a repository, and MAY be configured and enforced by the
  57HTTP server software.
  58
  59Because Git repositories are accessed by standard path components
  60server administrators MAY use directory based permissions within
  61their HTTP server to control repository access.
  62
  63Clients SHOULD support Basic authentication as described by RFC 2617.
  64Servers SHOULD support Basic authentication by relying upon the
  65HTTP server placed in front of the Git server software.
  66
  67Servers SHOULD NOT require HTTP cookies for the purposes of
  68authentication or access control.
  69
  70Clients and servers MAY support other common forms of HTTP based
  71authentication, such as Digest authentication.
  72
  73
  74SSL
  75---
  76
  77Clients and servers SHOULD support SSL, particularly to protect
  78passwords when relying on Basic HTTP authentication.
  79
  80
  81Session State
  82-------------
  83
  84The Git over HTTP protocol (much like HTTP itself) is stateless
  85from the perspective of the HTTP server side.  All state MUST be
  86retained and managed by the client process.  This permits simple
  87round-robin load-balancing on the server side, without needing to
  88worry about state management.
  89
  90Clients MUST NOT require state management on the server side in
  91order to function correctly.
  92
  93Servers MUST NOT require HTTP cookies in order to function correctly.
  94Clients MAY store and forward HTTP cookies during request processing
  95as described by RFC 2616 (HTTP/1.1).  Servers SHOULD ignore any
  96cookies sent by a client.
  97
  98
  99General Request Processing
 100--------------------------
 101
 102Except where noted, all standard HTTP behavior SHOULD be assumed
 103by both client and server.  This includes (but is not necessarily
 104limited to):
 105
 106If there is no repository at `$GIT_URL`, or the resource pointed to by a
 107location matching `$GIT_URL` does not exist, the server MUST NOT respond
 108with `200 OK` response.  A server SHOULD respond with
 109`404 Not Found`, `410 Gone`, or any other suitable HTTP status code
 110which does not imply the resource exists as requested.
 111
 112If there is a repository at `$GIT_URL`, but access is not currently
 113permitted, the server MUST respond with the `403 Forbidden` HTTP
 114status code.
 115
 116Servers SHOULD support both HTTP 1.0 and HTTP 1.1.
 117Servers SHOULD support chunked encoding for both request and response
 118bodies.
 119
 120Clients SHOULD support both HTTP 1.0 and HTTP 1.1.
 121Clients SHOULD support chunked encoding for both request and response
 122bodies.
 123
 124Servers MAY return ETag and/or Last-Modified headers.
 125
 126Clients MAY revalidate cached entities by including If-Modified-Since
 127and/or If-None-Match request headers.
 128
 129Servers MAY return `304 Not Modified` if the relevant headers appear
 130in the request and the entity has not changed.  Clients MUST treat
 131`304 Not Modified` identical to `200 OK` by reusing the cached entity.
 132
 133Clients MAY reuse a cached entity without revalidation if the
 134Cache-Control and/or Expires header permits caching.  Clients and
 135servers MUST follow RFC 2616 for cache controls.
 136
 137
 138Discovering References
 139----------------------
 140
 141All HTTP clients MUST begin either a fetch or a push exchange by
 142discovering the references available on the remote repository.
 143
 144Dumb Clients
 145~~~~~~~~~~~~
 146
 147HTTP clients that only support the "dumb" protocol MUST discover
 148references by making a request for the special info/refs file of
 149the repository.
 150
 151Dumb HTTP clients MUST make a `GET` request to `$GIT_URL/info/refs`,
 152without any search/query parameters.
 153
 154   C: GET $GIT_URL/info/refs HTTP/1.0
 155
 156   S: 200 OK
 157   S:
 158   S: 95dcfa3633004da0049d3d0fa03f80589cbcaf31  refs/heads/maint
 159   S: d049f6c27a2244e12041955e262a404c7faba355  refs/heads/master
 160   S: 2cb58b79488a98d2721cea644875a8dd0026b115  refs/tags/v1.0
 161   S: a3c2e2402b99163d1d59756e5f207ae21cccba4c  refs/tags/v1.0^{}
 162
 163The Content-Type of the returned info/refs entity SHOULD be
 164`text/plain; charset=utf-8`, but MAY be any content type.
 165Clients MUST NOT attempt to validate the returned Content-Type.
 166Dumb servers MUST NOT return a return type starting with
 167`application/x-git-`.
 168
 169Cache-Control headers MAY be returned to disable caching of the
 170returned entity.
 171
 172When examining the response clients SHOULD only examine the HTTP
 173status code.  Valid responses are `200 OK`, or `304 Not Modified`.
 174
 175The returned content is a UNIX formatted text file describing
 176each ref and its known value.  The file SHOULD be sorted by name
 177according to the C locale ordering.  The file SHOULD NOT include
 178the default ref named `HEAD`.
 179
 180  info_refs   =  *( ref_record )
 181  ref_record  =  any_ref / peeled_ref
 182
 183  any_ref     =  obj-id HTAB refname LF
 184  peeled_ref  =  obj-id HTAB refname LF
 185                 obj-id HTAB refname "^{}" LF
 186
 187Smart Clients
 188~~~~~~~~~~~~~
 189
 190HTTP clients that support the "smart" protocol (or both the
 191"smart" and "dumb" protocols) MUST discover references by making
 192a parameterized request for the info/refs file of the repository.
 193
 194The request MUST contain exactly one query parameter,
 195`service=$servicename`, where `$servicename` MUST be the service
 196name the client wishes to contact to complete the operation.
 197The request MUST NOT contain additional query parameters.
 198
 199   C: GET $GIT_URL/info/refs?service=git-upload-pack HTTP/1.0
 200
 201dumb server reply:
 202
 203   S: 200 OK
 204   S:
 205   S: 95dcfa3633004da0049d3d0fa03f80589cbcaf31  refs/heads/maint
 206   S: d049f6c27a2244e12041955e262a404c7faba355  refs/heads/master
 207   S: 2cb58b79488a98d2721cea644875a8dd0026b115  refs/tags/v1.0
 208   S: a3c2e2402b99163d1d59756e5f207ae21cccba4c  refs/tags/v1.0^{}
 209
 210smart server reply:
 211
 212   S: 200 OK
 213   S: Content-Type: application/x-git-upload-pack-advertisement
 214   S: Cache-Control: no-cache
 215   S:
 216   S: 001e# service=git-upload-pack\n
 217   S: 004895dcfa3633004da0049d3d0fa03f80589cbcaf31 refs/heads/maint\0multi_ack\n
 218   S: 0042d049f6c27a2244e12041955e262a404c7faba355 refs/heads/master\n
 219   S: 003c2cb58b79488a98d2721cea644875a8dd0026b115 refs/tags/v1.0\n
 220   S: 003fa3c2e2402b99163d1d59756e5f207ae21cccba4c refs/tags/v1.0^{}\n
 221
 222Dumb Server Response
 223^^^^^^^^^^^^^^^^^^^^
 224Dumb servers MUST respond with the dumb server reply format.
 225
 226See the prior section under dumb clients for a more detailed
 227description of the dumb server response.
 228
 229Smart Server Response
 230^^^^^^^^^^^^^^^^^^^^^
 231If the server does not recognize the requested service name, or the
 232requested service name has been disabled by the server administrator,
 233the server MUST respond with the `403 Forbidden` HTTP status code.
 234
 235Otherwise, smart servers MUST respond with the smart server reply
 236format for the requested service name.
 237
 238Cache-Control headers SHOULD be used to disable caching of the
 239returned entity.
 240
 241The Content-Type MUST be `application/x-$servicename-advertisement`.
 242Clients SHOULD fall back to the dumb protocol if another content
 243type is returned.  When falling back to the dumb protocol clients
 244SHOULD NOT make an additional request to `$GIT_URL/info/refs`, but
 245instead SHOULD use the response already in hand.  Clients MUST NOT
 246continue if they do not support the dumb protocol.
 247
 248Clients MUST validate the status code is either `200 OK` or
 249`304 Not Modified`.
 250
 251Clients MUST validate the first five bytes of the response entity
 252matches the regex `^[0-9a-f]{4}#`.  If this test fails, clients
 253MUST NOT continue.
 254
 255Clients MUST parse the entire response as a sequence of pkt-line
 256records.
 257
 258Clients MUST verify the first pkt-line is `# service=$servicename`.
 259Servers MUST set $servicename to be the request parameter value.
 260Servers SHOULD include an LF at the end of this line.
 261Clients MUST ignore an LF at the end of the line.
 262
 263Servers MUST terminate the response with the magic `0000` end
 264pkt-line marker.
 265
 266The returned response is a pkt-line stream describing each ref and
 267its known value.  The stream SHOULD be sorted by name according to
 268the C locale ordering.  The stream SHOULD include the default ref
 269named `HEAD` as the first ref.  The stream MUST include capability
 270declarations behind a NUL on the first ref.
 271
 272  smart_reply     =  PKT-LINE("# service=$servicename" LF)
 273                     ref_list
 274                     "0000"
 275  ref_list        =  empty_list / non_empty_list
 276
 277  empty_list      =  PKT-LINE(zero-id SP "capabilities^{}" NUL cap-list LF)
 278
 279  non_empty_list  =  PKT-LINE(obj-id SP name NUL cap_list LF)
 280                     *ref_record
 281
 282  cap-list        =  capability *(SP capability)
 283  capability      =  1*(LC_ALPHA / DIGIT / "-" / "_")
 284  LC_ALPHA        =  %x61-7A
 285
 286  ref_record      =  any_ref / peeled_ref
 287  any_ref         =  PKT-LINE(obj-id SP name LF)
 288  peeled_ref      =  PKT-LINE(obj-id SP name LF)
 289                     PKT-LINE(obj-id SP name "^{}" LF
 290
 291
 292Smart Service git-upload-pack
 293------------------------------
 294This service reads from the repository pointed to by `$GIT_URL`.
 295
 296Clients MUST first perform ref discovery with
 297`$GIT_URL/info/refs?service=git-upload-pack`.
 298
 299   C: POST $GIT_URL/git-upload-pack HTTP/1.0
 300   C: Content-Type: application/x-git-upload-pack-request
 301   C:
 302   C: 0032want 0a53e9ddeaddad63ad106860237bbf53411d11a7\n
 303   C: 0032have 441b40d833fdfa93eb2908e52742248faf0ee993\n
 304   C: 0000
 305
 306   S: 200 OK
 307   S: Content-Type: application/x-git-upload-pack-result
 308   S: Cache-Control: no-cache
 309   S:
 310   S: ....ACK %s, continue
 311   S: ....NAK
 312
 313Clients MUST NOT reuse or revalidate a cached response.
 314Servers MUST include sufficient Cache-Control headers
 315to prevent caching of the response.
 316
 317Servers SHOULD support all capabilities defined here.
 318
 319Clients MUST send at least one "want" command in the request body.
 320Clients MUST NOT reference an id in a "want" command which did not
 321appear in the response obtained through ref discovery unless the
 322server advertises capability `allow-tip-sha1-in-want` or
 323`allow-reachable-sha1-in-want`.
 324
 325  compute_request   =  want_list
 326                       have_list
 327                       request_end
 328  request_end       =  "0000" / "done"
 329
 330  want_list         =  PKT-LINE(want NUL cap_list LF)
 331                       *(want_pkt)
 332  want_pkt          =  PKT-LINE(want LF)
 333  want              =  "want" SP id
 334  cap_list          =  *(SP capability) SP
 335
 336  have_list         =  *PKT-LINE("have" SP id LF)
 337
 338TODO: Document this further.
 339
 340The Negotiation Algorithm
 341~~~~~~~~~~~~~~~~~~~~~~~~~
 342The computation to select the minimal pack proceeds as follows
 343(C = client, S = server):
 344
 345'init step:'
 346
 347C: Use ref discovery to obtain the advertised refs.
 348
 349C: Place any object seen into set `advertised`.
 350
 351C: Build an empty set, `common`, to hold the objects that are later
 352   determined to be on both ends.
 353
 354C: Build a set, `want`, of the objects from `advertised` the client
 355   wants to fetch, based on what it saw during ref discovery.
 356
 357C: Start a queue, `c_pending`, ordered by commit time (popping newest
 358   first).  Add all client refs.  When a commit is popped from
 359   the queue its parents SHOULD be automatically inserted back.
 360   Commits MUST only enter the queue once.
 361
 362'one compute step:'
 363
 364C: Send one `$GIT_URL/git-upload-pack` request:
 365
 366   C: 0032want <want #1>...............................
 367   C: 0032want <want #2>...............................
 368   ....
 369   C: 0032have <common #1>.............................
 370   C: 0032have <common #2>.............................
 371   ....
 372   C: 0032have <have #1>...............................
 373   C: 0032have <have #2>...............................
 374   ....
 375   C: 0000
 376
 377The stream is organized into "commands", with each command
 378appearing by itself in a pkt-line.  Within a command line,
 379the text leading up to the first space is the command name,
 380and the remainder of the line to the first LF is the value.
 381Command lines are terminated with an LF as the last byte of
 382the pkt-line value.
 383
 384Commands MUST appear in the following order, if they appear
 385at all in the request stream:
 386
 387* "want"
 388* "have"
 389
 390The stream is terminated by a pkt-line flush (`0000`).
 391
 392A single "want" or "have" command MUST have one hex formatted
 393SHA-1 as its value.  Multiple SHA-1s MUST be sent by sending
 394multiple commands.
 395
 396The `have` list is created by popping the first 32 commits
 397from `c_pending`.  Less can be supplied if `c_pending` empties.
 398
 399If the client has sent 256 "have" commits and has not yet
 400received one of those back from `s_common`, or the client has
 401emptied `c_pending` it SHOULD include a "done" command to let
 402the server know it won't proceed:
 403
 404   C: 0009done
 405
 406S: Parse the git-upload-pack request:
 407
 408Verify all objects in `want` are directly reachable from refs.
 409
 410The server MAY walk backwards through history or through
 411the reflog to permit slightly stale requests.
 412
 413If no "want" objects are received, send an error:
 414TODO: Define error if no "want" lines are requested.
 415
 416If any "want" object is not reachable, send an error:
 417TODO: Define error if an invalid "want" is requested.
 418
 419Create an empty list, `s_common`.
 420
 421If "have" was sent:
 422
 423Loop through the objects in the order supplied by the client.
 424
 425For each object, if the server has the object reachable from
 426a ref, add it to `s_common`.  If a commit is added to `s_common`,
 427do not add any ancestors, even if they also appear in `have`.
 428
 429S: Send the git-upload-pack response:
 430
 431If the server has found a closed set of objects to pack or the
 432request ends with "done", it replies with the pack.
 433TODO: Document the pack based response
 434
 435   S: PACK...
 436
 437The returned stream is the side-band-64k protocol supported
 438by the git-upload-pack service, and the pack is embedded into
 439stream 1.  Progress messages from the server side MAY appear
 440in stream 2.
 441
 442Here a "closed set of objects" is defined to have at least
 443one path from every "want" to at least one "common" object.
 444
 445If the server needs more information, it replies with a
 446status continue response:
 447TODO: Document the non-pack response
 448
 449C: Parse the upload-pack response:
 450   TODO: Document parsing response
 451
 452'Do another compute step.'
 453
 454
 455Smart Service git-receive-pack
 456------------------------------
 457This service reads from the repository pointed to by `$GIT_URL`.
 458
 459Clients MUST first perform ref discovery with
 460`$GIT_URL/info/refs?service=git-receive-pack`.
 461
 462   C: POST $GIT_URL/git-receive-pack HTTP/1.0
 463   C: Content-Type: application/x-git-receive-pack-request
 464   C:
 465   C: ....0a53e9ddeaddad63ad106860237bbf53411d11a7 441b40d833fdfa93eb2908e52742248faf0ee993 refs/heads/maint\0 report-status
 466   C: 0000
 467   C: PACK....
 468
 469   S: 200 OK
 470   S: Content-Type: application/x-git-receive-pack-result
 471   S: Cache-Control: no-cache
 472   S:
 473   S: ....
 474
 475Clients MUST NOT reuse or revalidate a cached response.
 476Servers MUST include sufficient Cache-Control headers
 477to prevent caching of the response.
 478
 479Servers SHOULD support all capabilities defined here.
 480
 481Clients MUST send at least one command in the request body.
 482Within the command portion of the request body clients SHOULD send
 483the id obtained through ref discovery as old_id.
 484
 485  update_request  =  command_list
 486                     "PACK" <binary data>
 487
 488  command_list    =  PKT-LINE(command NUL cap_list LF)
 489                     *(command_pkt)
 490  command_pkt     =  PKT-LINE(command LF)
 491  cap_list        =  *(SP capability) SP
 492
 493  command         =  create / delete / update
 494  create          =  zero-id SP new_id SP name
 495  delete          =  old_id SP zero-id SP name
 496  update          =  old_id SP new_id SP name
 497
 498TODO: Document this further.
 499
 500
 501References
 502----------
 503
 504http://www.ietf.org/rfc/rfc1738.txt[RFC 1738: Uniform Resource Locators (URL)]
 505http://www.ietf.org/rfc/rfc2616.txt[RFC 2616: Hypertext Transfer Protocol -- HTTP/1.1]
 506link:technical/pack-protocol.html
 507link:technical/protocol-capabilities.html