Anonymous access doesn't work with Hg's httppostargs option

Issue #944 resolved
Gábor Stefanik
created an issue

We have a Hg repository on our SCM Manager instance with a continuously increasing number of heads. This repository requires us to regularly increase the maximum HTTP request header size in server-config.xml, which is not viable in the long term.

Our SCM Manager instance is configured not to require HTTP authentication for read operations, using the "Anonymous access" feature.

On Mercurial's bug tracker, we were suggested the option "experimental.httppostargs" as a workaround for the request header size creep. However, setting this option causes "hg pull" to pop up a password prompt, breaking scripts that try to access SCM Manager anonymously. Wireshark reveals that the first POST request is getting HTTP 401, even though pull is a read-only operation.

Looks like SCM Manager is blindly blocking unauthenticated HTTP POST requests, even when they are part of a read operation.