docs: document ALLOW_INSECURE_GIT_ACCESS for trusted local git providers #521

Open: abhikb2005 wants to merge 1 commit into OpenHands:main from abhikb2005:codex/docs-allow-insecure-git-access

@abhikb2005

Summary

Adds documentation for ALLOW_INSECURE_GIT_ACCESS when using trusted local/internal Gitea or Forgejo instances over HTTP.

Context

Related to OpenHands/OpenHands#14523.

@VascoSch92, you asked me to tag you in the PR.

Scope

This PR is intentionally docs-only.

It:

  • Adds ALLOW_INSECURE_GIT_ACCESS to the environment variables reference.
  • Clarifies that it is intended only for trusted local/internal HTTP git providers.
  • Mentions local Gitea/Forgejo-style usage.

It does not:

  • Change runtime behavior.
  • Claim to fully fix the environment propagation behavior described in #14523.
  • Modify unrelated documentation.

Validation

  • Confirmed source behavior references ALLOW_INSECURE_GIT_ACCESS.
  • Confirmed git diff --check passes.
  • Ran the narrowed relevant pytest target: 30 passed, 6 deselected.
  • Full pytest currently has an unrelated upstream failure caused by a raw GitHub URL returning 404.
  • Mintlify CLI validation was attempted but unavailable/timed out via npx.

@VascoSch92 (Member) left a comment

Just a small comment.

Otherwise, LGTM

### Git Provider Access
| Environment Variable | Type | Default | Description |
|---------------------|------|---------|-------------|
| `ALLOW_INSECURE_GIT_ACCESS` | boolean | `false` | Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal Gitea/Forgejo instances where HTTPS is not available. |
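
Review bot: the `ALLOW_INSECURE_GIT_ACCESS` row gives the type as boolean with default `false`, but the Description cell does not say which strings turn it on. The check quoted in this thread accepts only `true`, `1` and `yes`, compared after lowercasing, so listing those values in the row would keep operators from assuming that other common spellings such as `on` are honored.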

The wording is slightly narrower than the actual code behavior.

In provider.py, the insecure-HTTP path triggers for any provider whose host starts with http:// (e.g. a self-hosted GitLab over plain HTTP):

```python
if domain and domain.strip().startswith('http://'):
    allow_insecure = os.environ.get('ALLOW_INSECURE_GIT_ACCESS', 'false').lower() in ('true', '1', 'yes')
```

Could we generalize the description slightly, e.g.:

Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal git providers (such as Gitea/Forgejo) where HTTPS is not available.
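
An added example, not code from this PR or from OpenHands: a small audit helper built around the two lines quoted from provider.py, showing which configured provider hosts enter the `http://` branch and which values of `ALLOW_INSECURE_GIT_ACCESS` count as enabled. The function names, return labels and sample hosts are assumptions made for illustration.

```python
import os

# Values the quoted check treats as "enabled" (compared after .lower()).
TRUTHY = ("true", "1", "yes")


def insecure_allowed(env=None):
    """Mirror of the quoted env lookup: unset or any other value means False."""
    env = os.environ if env is None else env
    return env.get("ALLOW_INSECURE_GIT_ACCESS", "false").lower() in TRUTHY


def classify_host(domain, env=None):
    """Classify one provider host the way the two quoted lines would see it.

    'not-http'         : the http:// branch is not entered
    'http-allowed'     : branch entered and the flag is truthy
    'http-not-allowed' : branch entered and the flag is falsy
    What the project does after that branch is not shown on the page.
    """
    if domain and domain.strip().startswith("http://"):
        return "http-allowed" if insecure_allowed(env) else "http-not-allowed"
    return "not-http"


def audit(hosts, env=None):
    """Return {host: classification} for a list of configured provider hosts."""
    return {h: classify_host(h, env) for h in hosts}


if __name__ == "__main__":
    # Constructed sample hosts, not taken from any real deployment.
    hosts = [
        "http://gitea.internal.example:3000",
        "  http://gitlab.internal.example",   # leading whitespace is stripped
        "https://forgejo.internal.example",
        "gitlab.example.com",
        "HTTP://gitea.internal.example",      # prefix match is case-sensitive
    ]
    for value in ("true", "YES", "on", " true", None):
        env = {} if value is None else {"ALLOW_INSECURE_GIT_ACCESS": value}
        print(repr(value), audit(hosts, env))
```

Running it before deployment lists every provider host that would be reached over plain HTTP once the flag is set, which is the set an operator needs to confirm is local or internal.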
