cal/claude-memory
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity
43eb2fc95d
claude-memory/graph/fixes/ct-302-gitea-push-embedded-credential-url-rejected-use-httpe-c5a9df.md

1.3 KiB
Raw Blame History

id type title tags importance confidence created updated
c5a9dff8-5ebe-4e5e-8494-c46333728db8 fix CT 302 Gitea push: embedded-credential URL rejected, use http.extraHeader instead
gitea
claude-runner
git
authentication
fix
0.6 0.8 2026-02-20T14:56:32.846201+00:00 2026-02-20T14:56:32.846201+00:00

Problem

Pushing from CT 302 (claude-runner, 10.10.0.148) to Gitea failed with 403 Forbidden, even though the token was valid. The remote URL had the token embedded in the URL:

https://cal:<token>@git.manticorum.com/cal/claude-runner-monitoring.git

Gitea rejected this format.

Fix

  1. Set remote to plain HTTPS (no credentials in URL):

    git remote set-url origin https://git.manticorum.com/cal/claude-runner-monitoring.git

  2. Configure persistent auth header in git config:

    git config http.https://git.manticorum.com/.extraHeader 'Authorization: token <token>'

Token is stored in ~/.claude/secrets/claude_runner_monitoring_gitea_token on the workstation.

Notes

  • SSH git remote also doesn't work from CT 302 — no SSH key registered with Gitea for root@claude-runner
  • The http.extraHeader approach applies to all repos under git.manticorum.com from CT 302
  • Credential helper approach failed due to shell escaping issues over SSH