diff --git a/routers/repo/http.go b/routers/repo/http.go index 9c0834e5c..0c746e311 100644 --- a/routers/repo/http.go +++ b/routers/repo/http.go @@ -29,6 +29,7 @@ import ( "code.gitea.io/gitea/modules/log" "code.gitea.io/gitea/modules/process" "code.gitea.io/gitea/modules/setting" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/modules/timeutil" repo_service "code.gitea.io/gitea/services/repository" ) @@ -135,6 +136,16 @@ func HTTP(ctx *context.Context) { environ []string ) + // don't allow anonymous pulls if organization is not public + if isPublicPull { + if err := repo.GetOwner(); err != nil { + ctx.ServerError("GetOwner", err) + return + } + + askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic) + } + // check access if askAuth { authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)