On Mon, Nov 5, 2012 at 12:02 PM, Mark Phippard <markp...@gmail.com> wrote: > On Nov 5, 2012, at 3:11 AM, Branko Čibej <br...@wandisco.com> wrote: > >> On 05.11.2012 00:21, Thomas Åkesson wrote: >>> I did some tests with curl --head just as a sanity check. It seems to be a >>> good choice for access control. I primarily wanted to see that HEAD >>> requests were not allowed in situations where GET is not (e.g. when user >>> has access in directories below). >>> >>> The HEAD requests I performed (minimal curl command) did not cause the >>> server to provide Content-Length when returning "200 OK". >> >> Which is precisely what I was talking about in my other post. Such HEAD >> responses are invalid. If we implement HEAD, we have to do it correctly. >> >> -- Brane > > I thought that Serf already issues HEAD requests? Not sure about Neon. > No it doesn't, serf only sends the requests provided by svn. (except when setting up an ssl tunnel, but that's not relevant here).
Lieven
