From d5b59ecba95652d314e89b9ef1d4306bbc18f4fc Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 18 Oct 2024 11:05:41 -0400 Subject: [PATCH] clarification on 403 --- doc/design/p2p_protocol_over_http.mdwn | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/design/p2p_protocol_over_http.mdwn b/doc/design/p2p_protocol_over_http.mdwn index ec20de471e..1c5ff28a61 100644 --- a/doc/design/p2p_protocol_over_http.mdwn +++ b/doc/design/p2p_protocol_over_http.mdwn @@ -39,7 +39,8 @@ Authentication is done using HTTP basic auth. The realm to use when authenticating is "git-annex". The charset is UTF-8. When authentication is successful but does not allow a request to be -performed, it will fail with 403 Forbidden. +performed, it will fail with 403 Forbidden. (This also is sent when the +server does not support authentication.) Note that HTTP basic auth is not encrypted so is only secure when used over HTTPS.