On Sat, Aug 17, 2013 at 7:03 PM, Max Semenik maxsem.wiki@gmail.com wrote:
> On 17.08.2013, 22:19 Brian wrote:
>> it's more a config issue on our end than a problem with gitblit.
> Frankly, all web apps that allow anons to do crazy shit with GET requests should at least mark critical links with rel="nofollow", so at least part of the blame lies on Gitblit :)
I think a more important problem is the various cache prevention headers emitted by Gitblit. Ops and Chad are well aware of that issue and have gotten upstream fixes for that (with public Bugzilla bugs and Google Code issues!) and I guess are still working with upstream on further fixes for those headers.
But this is not constructive to the "site hardening" thread so let's either follow up on the other thread I just started or drop it entirely.
-Jeremy