[thirdparty/git.git] / Documentation / config / http.txt

http.proxy::
	Override the HTTP proxy, normally configured using the 'http_proxy',
	'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In
	addition to the syntax understood by curl, it is possible to specify a
	proxy string with a user name but no password, in which case git will
	attempt to acquire one in the same way it does for other credentials. See
	linkgit:gitcredentials[7] for more information. The syntax thus is
	'[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden
	on a per-remote basis; see remote.<name>.proxy

http.proxyAuthMethod::
	Set the method with which to authenticate against the HTTP proxy. This
	only takes effect if the configured proxy string contains a user name part
	(i.e. is of the form 'user@host' or 'user@host:port'). This can be
	overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`.
	Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment
	variable.  Possible values are:
+
--
* `anyauth` - Automatically pick a suitable authentication method. It is
  assumed that the proxy answers an unauthenticated request with a 407
  status code and one or more Proxy-authenticate headers with supported
  authentication methods. This is the default.
* `basic` - HTTP Basic authentication
* `digest` - HTTP Digest authentication; this prevents the password from being
  transmitted to the proxy in clear text
* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option
  of `curl(1)`)
* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`)
--

http.emptyAuth::
	Attempt authentication without seeking a username or password.  This
	can be used to attempt GSS-Negotiate authentication without specifying
	a username in the URL, as libcurl normally requires a username for
	authentication.

http.delegation::
	Control GSSAPI credential delegation. The delegation is disabled
	by default in libcurl since version 7.21.7. Set parameter to tell
	the server what it is allowed to delegate when it comes to user
	credentials. Used with GSS/kerberos. Possible values are:
+
--
* `none` - Don't allow any delegation.
* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the
  Kerberos service ticket, which is a matter of realm policy.
* `always` - Unconditionally allow the server to delegate.
--


http.extraHeader::
	Pass an additional HTTP header when communicating with a server.  If
	more than one such entry exists, all of them are added as extra
	headers.  To allow overriding the settings inherited from the system
	config, an empty value will reset the extra headers to the empty list.

http.cookieFile::
	The pathname of a file containing previously stored cookie lines,
	which should be used
	in the Git http session, if they match the server. The file format
	of the file to read cookies from should be plain HTTP headers or
	the Netscape/Mozilla cookie file format (see `curl(1)`).
	NOTE that the file specified with http.cookieFile is used only as
	input unless http.saveCookies is set.

http.saveCookies::
	If set, store cookies received during requests to the file specified by
	http.cookieFile. Has no effect if http.cookieFile is unset.

http.version::
	Use the specified HTTP protocol version when communicating with a server.
	If you want to force the default. The available and default version depend
	on libcurl. Currently the possible values of
	this option are:

	- HTTP/2
	- HTTP/1.1

http.sslVersion::
	The SSL version to use when negotiating an SSL connection, if you
	want to force the default.  The available and default version
	depend on whether libcurl was built against NSS or OpenSSL and the
	particular configuration of the crypto library in use. Internally
	this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl
	documentation for more details on the format of this option and
	for the ssl version supported. Currently the possible values of
	this option are:

	- sslv2
	- sslv3
	- tlsv1
	- tlsv1.0
	- tlsv1.1
	- tlsv1.2
	- tlsv1.3

+
Can be overridden by the `GIT_SSL_VERSION` environment variable.
To force git to use libcurl's default ssl version and ignore any
explicit http.sslversion option, set `GIT_SSL_VERSION` to the
empty string.

http.sslCipherList::
  A list of SSL ciphers to use when negotiating an SSL connection.
  The available ciphers depend on whether libcurl was built against
  NSS or OpenSSL and the particular configuration of the crypto
  library in use.  Internally this sets the 'CURLOPT_SSL_CIPHER_LIST'
  option; see the libcurl documentation for more details on the format
  of this list.
+
Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable.
To force git to use libcurl's default cipher list and ignore any
explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the
empty string.

http.sslVerify::
	Whether to verify the SSL certificate when fetching or pushing
	over HTTPS. Defaults to true. Can be overridden by the
	`GIT_SSL_NO_VERIFY` environment variable.

http.sslCert::
	File containing the SSL certificate when fetching or pushing
	over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
	variable.

http.sslKey::
	File containing the SSL private key when fetching or pushing
	over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
	variable.

http.sslCertPasswordProtected::
	Enable Git's password prompt for the SSL certificate.  Otherwise
	OpenSSL will prompt the user, possibly many times, if the
	certificate or private key is encrypted.  Can be overridden by the
	`GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable.

http.sslCAInfo::
	File containing the certificates to verify the peer with when
	fetching or pushing over HTTPS. Can be overridden by the
	`GIT_SSL_CAINFO` environment variable.

http.sslCAPath::
	Path containing files with the CA certificates to verify the peer
	with when fetching or pushing over HTTPS. Can be overridden
	by the `GIT_SSL_CAPATH` environment variable.

http.sslBackend::
	Name of the SSL backend to use (e.g. "openssl" or "schannel").
	This option is ignored if cURL lacks support for choosing the SSL
	backend at runtime.

http.schannelCheckRevoke::
	Used to enforce or disable certificate revocation checks in cURL
	when http.sslBackend is set to "schannel". Defaults to `true` if
	unset. Only necessary to disable this if Git consistently errors
	and the message is about checking the revocation status of a
	certificate. This option is ignored if cURL lacks support for
	setting the relevant SSL option at runtime.

http.schannelUseSSLCAInfo::
	As of cURL v7.60.0, the Secure Channel backend can use the
	certificate bundle provided via `http.sslCAInfo`, but that would
	override the Windows Certificate Store. Since this is not desirable
	by default, Git will tell cURL not to use that bundle by default
	when the `schannel` backend was configured via `http.sslBackend`,
	unless `http.schannelUseSSLCAInfo` overrides this behavior.

http.pinnedpubkey::
	Public key of the https service. It may either be the filename of
	a PEM or DER encoded public key file or a string starting with
	'sha256//' followed by the base64 encoded sha256 hash of the
	public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will
	exit with an error if this option is set but not supported by
	cURL.

http.sslTry::
	Attempt to use AUTH SSL/TLS and encrypted data transfers
	when connecting via regular FTP protocol. This might be needed
	if the FTP server requires it for security reasons or you wish
	to connect securely whenever remote FTP server supports it.
	Default is false since it might trigger certificate verification
	errors on misconfigured servers.

http.maxRequests::
	How many HTTP requests to launch in parallel. Can be overridden
	by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5.

http.minSessions::
	The number of curl sessions (counted across slots) to be kept across
	requests. They will not be ended with curl_easy_cleanup() until
	http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this
	value will be capped at 1. Defaults to 1.

http.postBuffer::
	Maximum size in bytes of the buffer used by smart HTTP
	transports when POSTing data to the remote system.
	For requests larger than this buffer size, HTTP/1.1 and
	Transfer-Encoding: chunked is used to avoid creating a
	massive pack file locally.  Default is 1 MiB, which is
	sufficient for most requests.
+
Note that raising this limit is only effective for disabling chunked
transfer encoding and therefore should be used only where the remote
server or a proxy only supports HTTP/1.0 or is noncompliant with the
HTTP standard.  Raising this is not, in general, an effective solution
for most push problems, but can increase memory consumption
significantly since the entire buffer is allocated even for small
pushes.

http.lowSpeedLimit, http.lowSpeedTime::
	If the HTTP transfer speed is less than 'http.lowSpeedLimit'
	for longer than 'http.lowSpeedTime' seconds, the transfer is aborted.
	Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and
	`GIT_HTTP_LOW_SPEED_TIME` environment variables.

http.noEPSV::
	A boolean which disables using of EPSV ftp command by curl.
	This can helpful with some "poor" ftp servers which don't
	support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV`
	environment variable. Default is false (curl will use EPSV).

http.userAgent::
	The HTTP USER_AGENT string presented to an HTTP server.  The default
	value represents the version of the client Git such as git/1.7.1.
	This option allows you to override this value to a more common value
	such as Mozilla/4.0.  This may be necessary, for instance, if
	connecting through a firewall that restricts HTTP connections to a set
	of common USER_AGENT strings (but not including those like git/1.7.1).
	Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable.

http.followRedirects::
	Whether git should follow HTTP redirects. If set to `true`, git
	will transparently follow any redirect issued by a server it
	encounters. If set to `false`, git will treat all redirects as
	errors. If set to `initial`, git will follow redirects only for
	the initial request to a remote, but not for subsequent
	follow-up HTTP requests. Since git uses the redirected URL as
	the base for the follow-up requests, this is generally
	sufficient. The default is `initial`.

http.<url>.*::
	Any of the http.* options above can be applied selectively to some URLs.
	For a config key to match a URL, each element of the config key is
	compared to that of the URL, in the following order:
+
--
. Scheme (e.g., `https` in `https://example.com/`). This field
  must match exactly between the config key and the URL.

. Host/domain name (e.g., `example.com` in `https://example.com/`).
  This field must match between the config key and the URL. It is
  possible to specify a `*` as part of the host name to match all subdomains
  at this level. `https://*.example.com/` for example would match
  `https://foo.example.com/`, but not `https://foo.bar.example.com/`.

. Port number (e.g., `8080` in `http://example.com:8080/`).
  This field must match exactly between the config key and the URL.
  Omitted port numbers are automatically converted to the correct
  default for the scheme before matching.

. Path (e.g., `repo.git` in `https://example.com/repo.git`). The
  path field of the config key must match the path field of the URL
  either exactly or as a prefix of slash-delimited path elements.  This means
  a config key with path `foo/` matches URL path `foo/bar`.  A prefix can only
  match on a slash (`/`) boundary.  Longer matches take precedence (so a config
  key with path `foo/bar` is a better match to URL path `foo/bar` than a config
  key with just path `foo/`).

. User name (e.g., `user` in `https://user@example.com/repo.git`). If
  the config key has a user name it must match the user name in the
  URL exactly. If the config key does not have a user name, that
  config key will match a URL with any user name (including none),
  but at a lower precedence than a config key with a user name.
--
+
The list above is ordered by decreasing precedence; a URL that matches
a config key's path is preferred to one that matches its user name. For example,
if the URL is `https://user@example.com/foo/bar` a config key match of
`https://example.com/foo` will be preferred over a config key match of
`https://user@example.com`.
+
All URLs are normalized before attempting any matching (the password part,
if embedded in the URL, is always ignored for matching purposes) so that
equivalent URLs that are simply spelled differently will match properly.
Environment variable settings always override any matches.  The URLs that are
matched against are those given directly to Git commands.  This means any URLs
visited as a result of a redirection do not participate in matching.
Commit	Line	Data
ad308479 NTND	1	http.proxy::
	2	Override the HTTP proxy, normally configured using the 'http_proxy',
	3	'https_proxy', and 'all_proxy' environment variables (see `curl(1)`). In
	4	addition to the syntax understood by curl, it is possible to specify a
	5	proxy string with a user name but no password, in which case git will
	6	attempt to acquire one in the same way it does for other credentials. See
	7	linkgit:gitcredentials[7] for more information. The syntax thus is
	8	'[protocol://][user[:password]@]proxyhost[:port]'. This can be overridden
	9	on a per-remote basis; see remote.<name>.proxy
	10
	11	http.proxyAuthMethod::
	12	Set the method with which to authenticate against the HTTP proxy. This
	13	only takes effect if the configured proxy string contains a user name part
	14	(i.e. is of the form 'user@host' or 'user@host:port'). This can be
	15	overridden on a per-remote basis; see `remote.<name>.proxyAuthMethod`.
	16	Both can be overridden by the `GIT_HTTP_PROXY_AUTHMETHOD` environment
	17	variable. Possible values are:
	18	+
	19	--
	20	* `anyauth` - Automatically pick a suitable authentication method. It is
	21	assumed that the proxy answers an unauthenticated request with a 407
	22	status code and one or more Proxy-authenticate headers with supported
	23	authentication methods. This is the default.
	24	* `basic` - HTTP Basic authentication
	25	* `digest` - HTTP Digest authentication; this prevents the password from being
	26	transmitted to the proxy in clear text
	27	* `negotiate` - GSS-Negotiate authentication (compare the --negotiate option
	28	of `curl(1)`)
	29	* `ntlm` - NTLM authentication (compare the --ntlm option of `curl(1)`)
	30	--
	31
	32	http.emptyAuth::
	33	Attempt authentication without seeking a username or password. This
	34	can be used to attempt GSS-Negotiate authentication without specifying
	35	a username in the URL, as libcurl normally requires a username for
	36	authentication.
	37
	38	http.delegation::
	39	Control GSSAPI credential delegation. The delegation is disabled
	40	by default in libcurl since version 7.21.7. Set parameter to tell
	41	the server what it is allowed to delegate when it comes to user
	42	credentials. Used with GSS/kerberos. Possible values are:
	43	+
	44	--
	45	* `none` - Don't allow any delegation.
	46	* `policy` - Delegates if and only if the OK-AS-DELEGATE flag is set in the
	47	Kerberos service ticket, which is a matter of realm policy.
	48	* `always` - Unconditionally allow the server to delegate.
	49	--
	50
	51
	52	http.extraHeader::
	53	Pass an additional HTTP header when communicating with a server. If
	54	more than one such entry exists, all of them are added as extra
	55	headers. To allow overriding the settings inherited from the system
	56	config, an empty value will reset the extra headers to the empty list.
	57
	58	http.cookieFile::
	59	The pathname of a file containing previously stored cookie lines,
	60	which should be used
	61	in the Git http session, if they match the server. The file format
	62	of the file to read cookies from should be plain HTTP headers or
	63	the Netscape/Mozilla cookie file format (see `curl(1)`).
	64	NOTE that the file specified with http.cookieFile is used only as
65	input unless http.saveCookies is set.
66
67	http.saveCookies::
68	If set, store cookies received during requests to the file specified by
69	http.cookieFile. Has no effect if http.cookieFile is unset.
70
13d99192 JH	71	http.version::
	72	Use the specified HTTP protocol version when communicating with a server.
	73	If you want to force the default. The available and default version depend
856249c6	74	on libcurl. Currently the possible values of
13d99192 JH	75	this option are:
	76
	77	- HTTP/2
	78	- HTTP/1.1
	79
ad308479 NTND	80	http.sslVersion::
	81	The SSL version to use when negotiating an SSL connection, if you
	82	want to force the default. The available and default version
	83	depend on whether libcurl was built against NSS or OpenSSL and the
	84	particular configuration of the crypto library in use. Internally
	85	this sets the 'CURLOPT_SSL_VERSION' option; see the libcurl
	86	documentation for more details on the format of this option and
856249c6	87	for the ssl version supported. Currently the possible values of
ad308479 NTND	88	this option are:
	89
	90	- sslv2
	91	- sslv3
	92	- tlsv1
	93	- tlsv1.0
	94	- tlsv1.1
	95	- tlsv1.2
	96	- tlsv1.3
	97
	98	+
	99	Can be overridden by the `GIT_SSL_VERSION` environment variable.
	100	To force git to use libcurl's default ssl version and ignore any
	101	explicit http.sslversion option, set `GIT_SSL_VERSION` to the
	102	empty string.
	103
	104	http.sslCipherList::
	105	A list of SSL ciphers to use when negotiating an SSL connection.
	106	The available ciphers depend on whether libcurl was built against
	107	NSS or OpenSSL and the particular configuration of the crypto
	108	library in use. Internally this sets the 'CURLOPT_SSL_CIPHER_LIST'
	109	option; see the libcurl documentation for more details on the format
	110	of this list.
	111	+
	112	Can be overridden by the `GIT_SSL_CIPHER_LIST` environment variable.
	113	To force git to use libcurl's default cipher list and ignore any
	114	explicit http.sslCipherList option, set `GIT_SSL_CIPHER_LIST` to the
	115	empty string.
	116
	117	http.sslVerify::
	118	Whether to verify the SSL certificate when fetching or pushing
	119	over HTTPS. Defaults to true. Can be overridden by the
	120	`GIT_SSL_NO_VERIFY` environment variable.
	121
	122	http.sslCert::
	123	File containing the SSL certificate when fetching or pushing
	124	over HTTPS. Can be overridden by the `GIT_SSL_CERT` environment
	125	variable.
	126
	127	http.sslKey::
	128	File containing the SSL private key when fetching or pushing
	129	over HTTPS. Can be overridden by the `GIT_SSL_KEY` environment
	130	variable.
	131
	132	http.sslCertPasswordProtected::
	133	Enable Git's password prompt for the SSL certificate. Otherwise
	134	OpenSSL will prompt the user, possibly many times, if the
	135	certificate or private key is encrypted. Can be overridden by the
	136	`GIT_SSL_CERT_PASSWORD_PROTECTED` environment variable.
	137
	138	http.sslCAInfo::
	139	File containing the certificates to verify the peer with when
	140	fetching or pushing over HTTPS. Can be overridden by the
	141	`GIT_SSL_CAINFO` environment variable.
	142
	143	http.sslCAPath::
	144	Path containing files with the CA certificates to verify the peer
	145	with when fetching or pushing over HTTPS. Can be overridden
	146	by the `GIT_SSL_CAPATH` environment variable.
	147
	148	http.sslBackend::
	149	Name of the SSL backend to use (e.g. "openssl" or "schannel").
	150	This option is ignored if cURL lacks support for choosing the SSL
	151	backend at runtime.
152
153	http.schannelCheckRevoke::
154	Used to enforce or disable certificate revocation checks in cURL
155	when http.sslBackend is set to "schannel". Defaults to `true` if
156	unset. Only necessary to disable this if Git consistently errors
157	and the message is about checking the revocation status of a
158	certificate. This option is ignored if cURL lacks support for
159	setting the relevant SSL option at runtime.
160
161	http.schannelUseSSLCAInfo::
162	As of cURL v7.60.0, the Secure Channel backend can use the
163	certificate bundle provided via `http.sslCAInfo`, but that would
164	override the Windows Certificate Store. Since this is not desirable
165	by default, Git will tell cURL not to use that bundle by default
166	when the `schannel` backend was configured via `http.sslBackend`,
167	unless `http.schannelUseSSLCAInfo` overrides this behavior.
168
169	http.pinnedpubkey::
170	Public key of the https service. It may either be the filename of
171	a PEM or DER encoded public key file or a string starting with
172	'sha256//' followed by the base64 encoded sha256 hash of the
173	public key. See also libcurl 'CURLOPT_PINNEDPUBLICKEY'. git will
174	exit with an error if this option is set but not supported by
175	cURL.
176
177	http.sslTry::
178	Attempt to use AUTH SSL/TLS and encrypted data transfers
179	when connecting via regular FTP protocol. This might be needed
180	if the FTP server requires it for security reasons or you wish
181	to connect securely whenever remote FTP server supports it.
182	Default is false since it might trigger certificate verification
183	errors on misconfigured servers.
184
185	http.maxRequests::
186	How many HTTP requests to launch in parallel. Can be overridden
187	by the `GIT_HTTP_MAX_REQUESTS` environment variable. Default is 5.
188
189	http.minSessions::
190	The number of curl sessions (counted across slots) to be kept across
191	requests. They will not be ended with curl_easy_cleanup() until
192	http_cleanup() is invoked. If USE_CURL_MULTI is not defined, this
193	value will be capped at 1. Defaults to 1.
194
195	http.postBuffer::
196	Maximum size in bytes of the buffer used by smart HTTP
197	transports when POSTing data to the remote system.
198	For requests larger than this buffer size, HTTP/1.1 and
199	Transfer-Encoding: chunked is used to avoid creating a
200	massive pack file locally. Default is 1 MiB, which is
201	sufficient for most requests.
7a2dc95c	202	+
	203	Note that raising this limit is only effective for disabling chunked
	204	transfer encoding and therefore should be used only where the remote
	205	server or a proxy only supports HTTP/1.0 or is noncompliant with the
	206	HTTP standard. Raising this is not, in general, an effective solution
	207	for most push problems, but can increase memory consumption
	208	significantly since the entire buffer is allocated even for small
	209	pushes.
ad308479 NTND	210
	211	http.lowSpeedLimit, http.lowSpeedTime::
	212	If the HTTP transfer speed is less than 'http.lowSpeedLimit'
	213	for longer than 'http.lowSpeedTime' seconds, the transfer is aborted.
	214	Can be overridden by the `GIT_HTTP_LOW_SPEED_LIMIT` and
	215	`GIT_HTTP_LOW_SPEED_TIME` environment variables.
	216
	217	http.noEPSV::
	218	A boolean which disables using of EPSV ftp command by curl.
	219	This can helpful with some "poor" ftp servers which don't
	220	support EPSV mode. Can be overridden by the `GIT_CURL_FTP_NO_EPSV`
	221	environment variable. Default is false (curl will use EPSV).
	222
	223	http.userAgent::
	224	The HTTP USER_AGENT string presented to an HTTP server. The default
	225	value represents the version of the client Git such as git/1.7.1.
	226	This option allows you to override this value to a more common value
	227	such as Mozilla/4.0. This may be necessary, for instance, if
	228	connecting through a firewall that restricts HTTP connections to a set
	229	of common USER_AGENT strings (but not including those like git/1.7.1).
	230	Can be overridden by the `GIT_HTTP_USER_AGENT` environment variable.
	231
	232	http.followRedirects::
	233	Whether git should follow HTTP redirects. If set to `true`, git
	234	will transparently follow any redirect issued by a server it
	235	encounters. If set to `false`, git will treat all redirects as
	236	errors. If set to `initial`, git will follow redirects only for
	237	the initial request to a remote, but not for subsequent
	238	follow-up HTTP requests. Since git uses the redirected URL as
	239	the base for the follow-up requests, this is generally
	240	sufficient. The default is `initial`.
	241
	242	http.<url>.*::
	243	Any of the http.* options above can be applied selectively to some URLs.
	244	For a config key to match a URL, each element of the config key is
	245	compared to that of the URL, in the following order:
	246	+
	247	--
	248	. Scheme (e.g., `https` in `https://example.com/`). This field
	249	must match exactly between the config key and the URL.
	250
	251	. Host/domain name (e.g., `example.com` in `https://example.com/`).
	252	This field must match between the config key and the URL. It is
	253	possible to specify a `*` as part of the host name to match all subdomains
	254	at this level. `https://*.example.com/` for example would match
	255	`https://foo.example.com/`, but not `https://foo.bar.example.com/`.
	256
	257	. Port number (e.g., `8080` in `http://example.com:8080/`).
	258	This field must match exactly between the config key and the URL.
	259	Omitted port numbers are automatically converted to the correct
	260	default for the scheme before matching.
	261
	262	. Path (e.g., `repo.git` in `https://example.com/repo.git`). The
	263	path field of the config key must match the path field of the URL
	264	either exactly or as a prefix of slash-delimited path elements. This means
	265	a config key with path `foo/` matches URL path `foo/bar`. A prefix can only
	266	match on a slash (`/`) boundary. Longer matches take precedence (so a config
	267	key with path `foo/bar` is a better match to URL path `foo/bar` than a config
	268	key with just path `foo/`).
	269
	270	. User name (e.g., `user` in `https://user@example.com/repo.git`). If
	271	the config key has a user name it must match the user name in the
	272	URL exactly. If the config key does not have a user name, that
	273	config key will match a URL with any user name (including none),
274	but at a lower precedence than a config key with a user name.
275	--
276	+
277	The list above is ordered by decreasing precedence; a URL that matches
278	a config key's path is preferred to one that matches its user name. For example,
279	if the URL is `https://user@example.com/foo/bar` a config key match of
280	`https://example.com/foo` will be preferred over a config key match of
281	`https://user@example.com`.
282	+
283	All URLs are normalized before attempting any matching (the password part,
284	if embedded in the URL, is always ignored for matching purposes) so that
285	equivalent URLs that are simply spelled differently will match properly.
286	Environment variable settings always override any matches. The URLs that are
287	matched against are those given directly to Git commands. This means any URLs
288	visited as a result of a redirection do not participate in matching.