Cannot access private repo release files through API using bearer token anymore #25257
Comments
What's your download url?
An example of a I am sending a GET request to this URL with a bearer token which is confirmed working elsewhere, as this is a private repository but I can still list releases and their assets. I have also tested browsing to this exact URL inside an authenticated browser session, and I am able to download the file, so it's certainly not an issue with the URL.
I have the same problem (with 1.20.0-rc2). I noticed it still works when a session is already open and the user authenticated....
There is. See https://gitea.com/gitea/act_runner/releases/download/v0.2.0/act_runner-0.2.0-darwin-amd64
Yes, I found the problem. I just searched the API routes and found that the attachment download URLs in fact point to web routes, and web routes have removed support for token authentication. I think to resolve the bug, we have two options.
While 2. would probably be easier, I guess there was some good reason why token authentication was removed from the web routes. If we add token auth there again and somebody makes changes in the web routes, they probably don't think that this will affect the API routes. So I think 1. is the better way because this is in line with the architecture of Gitea.
Fix #25257 --------- Co-authored-by: Giteabot <[email protected]>
Fix go-gitea#25257 --------- Co-authored-by: Giteabot <[email protected]>
Backport #25639 by @lunny Fix #25257 Co-authored-by: Lunny Xiao <[email protected]>
I just wanted to inform that the issue still persists with the stable version 1.20...
I also noticed the bug in my local Gitea (version 1.20.1).
The issue persists in the latest 1.20.4 release. I wonder if this will be fixed, because I am waiting for this issue to be fixed before I can upgrade to 1.20.x; otherwise I will be stuck with 1.19.3.
Sorry, forgot my PR #26430
…at (go-gitea#26430) (go-gitea#27378) Backport go-gitea#26430 by @lunny Fix go-gitea#26165 Fix go-gitea#25257 Co-authored-by: Lunny Xiao <[email protected]> (cherry picked from commit 23139aa)
Description
Apparently an RC release was pushed to Docker instances using the "latest" tag, so my Gitea instance is now running 1.20.0rc and I cannot downgrade. Since updating, I am no longer able to download files over HTTPS using my token. I am attempting to access the file URL and I am getting 404 errors. If I make the repository public, I am able to download the files just fine.
This bearer token works when listing releases via the API, just not downloading them. Nothing else has changed in my instance.
Gitea Version
1.20.0+rc0-48-g3afc3e4a7
Can you reproduce the bug on the Gitea demo site?
No
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
Docker
Database
MySQL