- Document what what we're doing with LimitExcept.

- Drop POST from the allowed list; this mistake has been here since 2003, but it doesn't really matter as POST on a Subversion repository is an invalid operation anyway.
author: epg <epg@pkgsrc.org> 2007-12-13 20:03:36 +0000
committer: epg <epg@pkgsrc.org> 2007-12-13 20:03:36 +0000
commit: 841326effeecf477acaeead71df1a1b50e55ad1f (patch)
tree: 9680499db4cc18824b16cef2a5b6be4c84241695 /www/ap2-subversion
parent: cb61e59737e9d1051d2c42cada4b3167fd4d2a0b (diff)
download: pkgsrc-841326effeecf477acaeead71df1a1b50e55ad1f.tar.gz
1 files changed, 3 insertions, 2 deletions
diff --git a/www/ap2-subversion/MESSAGE b/www/ap2-subversion/MESSAGE
index 6db11be292f..aa09b9b5bbe 100644
--- a/www/ap2-subversion/MESSAGE
+++ b/www/ap2-subversion/MESSAGE
@@ -1,5 +1,5 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.2 2003/05/25 09:17:41 epg Exp $
+$NetBSD: MESSAGE,v 1.3 2007/12/13 20:03:36 epg Exp $
 
 See ${PREFIX}/share/doc/subversion/INSTALL for details on making
 a repository accessible via mod_dav_svn.  Basically, you need
@@ -12,7 +12,8 @@ something like this in httpd.conf:
         AuthType Basic
         AuthName "Subversion repository"
         AuthUserFile "/path/to/passwd-file"
-        <LimitExcept GET HEAD OPTIONS POST PROPFIND REPORT TRACE>
+        # Allow anonymous reads but require authentication for writes.
+        <LimitExcept GET HEAD OPTIONS PROPFIND REPORT TRACE>
             Require valid-user
         </LimitExcept>
     </Location>
author	epg <epg@pkgsrc.org>	2007-12-13 20:03:36 +0000
committer	epg <epg@pkgsrc.org>	2007-12-13 20:03:36 +0000
commit	841326effeecf477acaeead71df1a1b50e55ad1f (patch)
tree	9680499db4cc18824b16cef2a5b6be4c84241695 /www/ap2-subversion
parent	cb61e59737e9d1051d2c42cada4b3167fd4d2a0b (diff)
download	pkgsrc-841326effeecf477acaeead71df1a1b50e55ad1f.tar.gz