diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 1c6a7e3b7c6..ac0c9e9c867 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -879,6 +879,9 @@ ROUTER = console
;; Allow deletion of unadopted repositories
;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false
+;; Don't allow download source archive files from UI
+;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
+
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;[repository.editor]
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index cb2b9526d7d..e4e7ad7b198 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -78,6 +78,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `DEFAULT_BRANCH`: **main**: Default branch name of all repositories.
- `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
- `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
+- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI
### Repository - Editor (`repository.editor`)
diff --git a/modules/setting/repository.go b/modules/setting/repository.go
index 733bc6d90e6..d0406dbf902 100644
--- a/modules/setting/repository.go
+++ b/modules/setting/repository.go
@@ -48,6 +48,7 @@ var (
DefaultBranch string
AllowAdoptionOfUnadoptedRepositories bool
AllowDeleteOfUnadoptedRepositories bool
+ DisableDownloadSourceArchives bool
// Repository editor settings
Editor struct {
diff --git a/modules/templates/base.go b/modules/templates/base.go
index 282019f826c..9563650e127 100644
--- a/modules/templates/base.go
+++ b/modules/templates/base.go
@@ -35,10 +35,11 @@ func BaseVars() Vars {
"IsLandingPageExplore": setting.LandingPageURL == setting.LandingPageExplore,
"IsLandingPageOrganizations": setting.LandingPageURL == setting.LandingPageOrganizations,
- "ShowRegistrationButton": setting.Service.ShowRegistrationButton,
- "ShowMilestonesDashboardPage": setting.Service.ShowMilestonesDashboardPage,
- "ShowFooterBranding": setting.ShowFooterBranding,
- "ShowFooterVersion": setting.ShowFooterVersion,
+ "ShowRegistrationButton": setting.Service.ShowRegistrationButton,
+ "ShowMilestonesDashboardPage": setting.Service.ShowMilestonesDashboardPage,
+ "ShowFooterBranding": setting.ShowFooterBranding,
+ "ShowFooterVersion": setting.ShowFooterVersion,
+ "DisableDownloadSourceArchives": setting.Repository.DisableDownloadSourceArchives,
"EnableSwagger": setting.API.EnableSwagger,
"EnableOpenIDSignIn": setting.Service.EnableOpenIDSignIn,
diff --git a/routers/web/web.go b/routers/web/web.go
index b4e8666c44f..a9f43fb2c4f 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -290,6 +290,13 @@ func RegisterRoutes(m *web.Route) {
}
}
+ dlSourceEnabled := func(ctx *context.Context) {
+ if setting.Repository.DisableDownloadSourceArchives {
+ ctx.Error(http.StatusNotFound)
+ return
+ }
+ }
+
// FIXME: not all routes need go through same middleware.
// Especially some AJAX requests, we can reduce middleware number to improve performance.
// Routers.
@@ -1106,7 +1113,7 @@ func RegisterRoutes(m *web.Route) {
m.Group("/archive", func() {
m.Get("/*", repo.Download)
m.Post("/*", repo.InitiateDownload)
- }, repo.MustBeNotEmpty, reqRepoCodeReader)
+ }, repo.MustBeNotEmpty, dlSourceEnabled, reqRepoCodeReader)
m.Group("/branches", func() {
m.Get("", repo.Branches)
diff --git a/templates/mail/release.tmpl b/templates/mail/release.tmpl
index a95647105ca..931c0d1b541 100644
--- a/templates/mail/release.tmpl
+++ b/templates/mail/release.tmpl
@@ -31,12 +31,14 @@
{{.locale.Tr "mail.release.downloads"}}