Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-10231

requests to rubygems repositories /api/v1/dependencies should not 302 redirect

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.13
    • Fix Version/s: None
    • Component/s: RubyGems
    • Labels:
    • Story Points:
      0.5
    • Sprint:
      Sprint 69

      Description

      rubygems repositories have an endpoint /api/v1/dependencies

      clients like bundler hit this endpoint to test if the repository supports the API. They expect response code 200 and 0 content if supported.

      Nexus responds with a 302 redirect to /api/v1/dependencies/ . The clients follow this and this causes nexus to try and render an html content listing of all the dependencies cached in the local repository. Since rubygems dependencies are a flat structure, this can result is a large response that takes considerable time to render.

      By the time Nexus is trying to write the HTML content back to the client, the client may have broken the connection ( Broken pipe ), while Nexus has had a significant performance impact.

      In some cases (depending on bundler version) the failing requests can cause Bundler to fall back to retrieving all versions of all dependencies. This in turn puts an additional burden on Nexus performance.

      The confluence of the performance impact may eventually lead to an OOM in Nexus. The root cause seems to start from nexus initially returning a 302 redirect.

      Expected

      • Nexus should return 200 and 0 content for requests to /api/v1/dependencies and not a 302 redirect to a content listing, just like the official registry does:

      https://rubygems.org/api/v1/dependencies

        Attachments

          Activity

            People

            Assignee:
            mkristian Christian Meier
            Reporter:
            plynch Peter Lynch
            CC:
            Christian Meier
            Last Updated By:
            Peter Lynch Peter Lynch
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:
              Date of First Response:

                tigCommentSecurity.panel-title