Add option in playbook to force credentials for git repository to be sent eagerly
The way the authentication mechanism for git repositories in Antora works is that it resolves and sends the credentials (the improperly-named HTTP Authorization header) when the server requests it. This means that the git client always makes an anonymous request when cloning/fetching public repositories. This is true even if you put the credentials (aka auth) directly into the repository URL. That's because Antora extracts this information and only sends it to the server upon request (I'll explain why below).
While there's nothing fundamentally wrong about making anonymous requests for a public repository, those requests are given lower priority and likely rate limited when compared to credentialed requests. For users who are cloning a lot of repositories, and possibly very large ones, it would be much better if those requests were made with credentials. The requests will be much more likely to succeed and transfer faster.
To enable this feature, I'm thinking of adding a new flag to the git.credentials
category key that tells Antora to resolve and send the credentials on every request:
git:
credentials:
always_send: true
or
git:
always_send_credentials: true
(I'm open to other names).
You may wonder, why doesn't Antora just send the credentials by default. The answer is that the only way to know for sure that a repository is private is if the server requests credentials. We use that callback to mark the repository as auth-required. When this setting is enabled, we'll have to trust that when a content source URL contains auth (either the real auth or git@
), then the repository is, in fact, private. We won't know otherwise.