Francisco Javier López
--- a/app/controllers/namespaces/git_http_client_controller.rb

+ 6

− 5
+++ b/app/controllers/namespaces/git_http_client_controller.rb

+ 6

− 5
 @@ -16,8 +16,8 @@ class Namespaces::GitHttpClientController < Namespaces::ApplicationController
 @@ -16,8 +16,8 @@ class Namespaces::GitHttpClientController < Namespaces::ApplicationController
  skip_around_action :set_session_storage
  skip_before_action :verify_authenticity_token
-  before_action :authenticate_user
  before_action :project
+  before_action :authenticate_user
  private
 @@ -48,8 +48,7 @@ def authenticate_user
 @@ -48,8 +48,7 @@ def authenticate_user
        send_final_spnego_response
        return # Allow access
      end
-    elsif project && download_request? && http_allowed? && Guest.can?(:download_code, project)
+    elsif http_allowed?
      @authentication_result = Gitlab::Auth::Result.new(nil, project, :none, [:download_code])
      return # Allow access
 @@ -79,7 +78,7 @@ def project
 @@ -79,7 +78,7 @@ def project
  end
  def parse_repo_path
-    @project, @repo_type, @redirected_path, @subject = Gitlab::RepoPath.parse("#{params[:namespace_id]}/#{params[:repository_id]}")
+    @subject, @project, @repo_type, @redirected_path = Gitlab::RepoPath.parse("#{params[:namespace_id]}/#{params[:repository_id]}")
  end
  def render_missing_personal_access_token
 @@ -113,7 +112,9 @@ def ci?
 @@ -113,7 +112,9 @@ def ci?
  end
  def http_allowed?
-    Gitlab::ProtocolAccess.allowed?('http')
+    Gitlab::ProtocolAccess.allowed?('http') &&
+    download_request? &&
+    (project && Guest.can?(:download_code, project) || @subject.is_a?(PersonalSnippet))
  end
 end