hex icon indicating copy to clipboard operation
hex copied to clipboard
verified publisher icon hexpm

Add HEX_TRUSTED_MIRROR_URL configuration

Open ericmj opened this issue 4 years ago • 4 comments

The new HEX_TRUSTED_MIRROR_URL should work like the current HEX_MIRROR_URL.

HEX_MIRROR_URL should no longer send the authorization header.

With these changes we can make a distinction between trusted mirrors that can be used to fetch private packages and untrusted mirrors that you shouldn't share access keys with.

ericmj avatar May 11 '21 13:05 ericmj

HEX_MIRROR_URL seems to have been shortened to HEX_MIRROR at some point. SHould we make this HEX_TRUSTED_MIRROR instead?

supersimple avatar May 12 '21 03:05 supersimple

HEX_MIRROR_URL seems to have been shortened to HEX_MIRROR at some point. SHould we make this HEX_TRUSTED_MIRROR instead?

👍

ericmj avatar May 12 '21 06:05 ericmj

Would HEX_TRUSTED_MIRROR take precedence over HEX_MIRROR?

Benjamin-Philip avatar Oct 03 '22 07:10 Benjamin-Philip

I think we should warn if both are set and let HEX_MIRROR have precedence since it was first.

ericmj avatar Oct 03 '22 07:10 ericmj