git-html5.js icon indicating copy to clipboard operation
git-html5.js copied to clipboard
verified publisher icon ryanackley

Limited interoperability

Open janotav opened this issue 12 years ago • 3 comments

This library looks great but I believe the basic authentication limitation disqualifies it from most real world scenarios. Please consider adding support for:

  1. tunnelling the http(s) communication through the server to allow access to non-CORS enabled repos
  2. supporting ssh protocol (again using tunnelling)

Keep up the good work!

janotav avatar Oct 09 '13 05:10 janotav

I may be wrong but this is supposed to be a 100% client based git? Surely tunnelling is outside the scope of this project? Just my two-cents.

nathggns avatar Oct 09 '13 09:10 nathggns

I'm no security expert but basic auth over https is as secure as logging into your webmail or paypal account from your browser or even entering your credit card information at an ecommerce site.

That being said, I'm sure some people would prefer tighter security.

ryanackley avatar Oct 09 '13 10:10 ryanackley

I think this is not so uncommon scenario to avoid the same origin restriction by letting your server to work as a proxy.

My concern here is not about security. I wanted to use git-html5 in our project, but could not because the target repository neither supports CORS nor provides https access (Heroku).

janotav avatar Oct 09 '13 10:10 janotav