---
id: c5a9dff8-5ebe-4e5e-8494-c46333728db8
type: fix
title: "CT 302 Gitea push: embedded-credential URL rejected, use http.extraHeader instead"
tags: [gitea, claude-runner, git, authentication, fix]
importance: 0.6
confidence: 0.8
created: "2026-02-20T14:56:32.846201+00:00"
updated: "2026-02-20T14:56:32.846201+00:00"
---

## Problem

Pushing from CT 302 (claude-runner, 10.10.0.148) to Gitea failed with 403 Forbidden, even though the token was valid. The remote URL had the token embedded in the URL:

```
https://cal:<token>@git.manticorum.com/cal/claude-runner-monitoring.git
```

Gitea rejected this format.

## Fix

1. Set remote to plain HTTPS (no credentials in URL):

```
git remote set-url origin https://git.manticorum.com/cal/claude-runner-monitoring.git
```

2. Configure persistent auth header in git config:

```
git config http.https://git.manticorum.com/.extraHeader 'Authorization: token <token>'
```

Token is stored in `~/.claude/secrets/claude_runner_monitoring_gitea_token` on the workstation.
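A scripted form of the two fix steps, as an added example (not part of the original note): it strips any `user:secret@` part from a remote URL and sets the host-scoped `http.<url>.extraHeader` from a token file. The function names and the `git.example.test` host in the comments are assumptions, and `git remote get-url` needs git 2.7 or later.

```shell
#!/bin/sh
# Added example: helper names are hypothetical, not from the original note.

# Print URL with any "user:secret@" userinfo removed from the authority.
# Non-URL remotes (scp-style "git@host:path") are printed unchanged.
strip_userinfo() {
    case "$1" in
        *://*) ;;
        *) printf '%s\n' "$1"; return 0 ;;
    esac
    scheme=${1%%://*}
    rest=${1#*://}
    authority=${rest%%/*}
    case "$rest" in
        */*) path=/${rest#*/} ;;
        *)   path= ;;
    esac
    printf '%s://%s%s\n' "$scheme" "${authority##*@}" "$path"
}

# Print the host-scoped config key, e.g. http.https://git.example.test/.extraHeader
header_key() {
    clean=$(strip_userinfo "$1")
    rest=${clean#*://}
    printf 'http.%s://%s/.extraHeader\n' "${clean%%://*}" "${rest%%/*}"
}

# migrate_remote REPO REMOTE TOKEN_FILE
# Step 1: rewrite the remote without credentials. Step 2: set the auth header.
# The token is read from a file so it is never typed into shell history.
# Returns 0 on success or when nothing is embedded, 2 if the file is unreadable.
migrate_remote() {
    repo=$1 remote=$2 token_file=$3
    url=$(git -C "$repo" remote get-url "$remote") || return 1
    clean=$(strip_userinfo "$url")
    if [ "$clean" = "$url" ]; then return 0; fi
    [ -r "$token_file" ] || return 2
    token=$(tr -d '\r\n' < "$token_file")
    git -C "$repo" remote set-url "$remote" "$clean" || return 1
    # Stored in plaintext in the repo's .git/config (no --global here).
    git -C "$repo" config "$(header_key "$clean")" "Authorization: token $token"
}

# Usage: sh migrate.sh /path/to/repo origin /path/to/token_file
if [ "$#" -eq 3 ]; then migrate_remote "$@"; fi
```

Because the header value lands in the repository's config file in plaintext, that file needs the same access restrictions as the token file itself.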

## Notes

- SSH git remote also doesn't work from CT 302 — no SSH key registered with Gitea for root@claude-runner
- The `http.extraHeader` approach applies to all repos under `git.manticorum.com` from CT 302
- Credential helper approach failed due to shell escaping issues over SSH