log_ref_setup(): improve robustness against races
[gitweb.git] / t / t5550-http-fetch-dumb.sh
index 264a1ab8b0ea794ce398d9d5c3a40adb31bd0ff9..aeb3a63f7c07caa3f53ff4da5096dc51493dd4e3 100755 (executable)
@@ -368,5 +368,15 @@ test_expect_success 'http-alternates cannot point at funny protocols' '
                clone "$HTTPD_URL/dumb/evil.git" evil-file
 '
 
+test_expect_success 'http-alternates triggers not-from-user protocol check' '
+       echo "$HTTPD_URL/dumb/victim.git/objects" \
+               >"$evil/objects/info/http-alternates" &&
+       test_config_global http.followRedirects true &&
+       test_must_fail git -c protocol.http.allow=user \
+               clone $HTTPD_URL/dumb/evil.git evil-user &&
+       git -c protocol.http.allow=always \
+               clone $HTTPD_URL/dumb/evil.git evil-user
+'
+
 stop_httpd
 test_done