Affects Version/s: 3.21.1
Fix Version/s: None
With all versions of Nexus, up to and including 3.21.2-03, a proxied PyPI repository does not rewrite the download URLs of the PyPI JSON API.
A simple case to reproduce:
- Start the latest Nexus with docker:
- Configure a PyPI proxy (to https://pypi.org) called "pypi-proxy"
- Fetch metadata about a package such as pip:
- Notice that the URL of the download is not using the proxy, but points to files.pythonhosted.org.
Whilst I appreciate that the URL reaches outside of the https://pypi.org domain, it is still important that the proxy should handle this. The equivalent "simple" view does indeed do so:
When implementing this, be aware that PyPI appears to have a redirect in place for https://pypi.org/pypi/pip/json/ -> https://pypi.org/pypi/pip/json whereas this resource is not available in Nexus (in some regards this is an entirely separate issue, but I wanted to raise it here as it may affect the relative URLs that get re-written).
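A check for the behaviour reported above, added here as an example and not part of the original report or of Nexus: it walks the `urls` and `releases` entries of a PyPI JSON API document and lists every download URL that would not be fetched through the proxy. The proxy base URL, the `examplepkg` sample document and the function names are assumptions made for illustration; relative URLs are resolved against the proxy base as a simplification.

```python
import json
from urllib.parse import urljoin, urlsplit

# Assumed proxy base for the "pypi-proxy" repository; adjust to your Nexus host.
PROXY_BASE = "http://localhost:8081/repository/pypi-proxy/"

# Constructed sample shaped like a PyPI JSON API response (not captured output).
SAMPLE = json.loads("""
{
  "info": {"name": "examplepkg", "version": "1.0.0"},
  "releases": {"1.0.0": [
    {"filename": "examplepkg-1.0.0.tar.gz",
     "url": "https://files.pythonhosted.org/packages/example/examplepkg-1.0.0.tar.gz"}]},
  "urls": [
    {"filename": "examplepkg-1.0.0.tar.gz",
     "url": "https://files.pythonhosted.org/packages/example/examplepkg-1.0.0.tar.gz"},
    {"filename": "examplepkg-1.0.0-py3-none-any.whl",
     "url": "packages/examplepkg/1.0.0/examplepkg-1.0.0-py3-none-any.whl"}]
}
""")


def iter_file_urls(metadata):
    """Yield every download URL listed under "urls" and "releases"."""
    for entry in metadata.get("urls") or []:
        if entry.get("url"):
            yield entry["url"]
    for files in (metadata.get("releases") or {}).values():
        for entry in files or []:
            if entry.get("url"):
                yield entry["url"]


def urls_bypassing_proxy(metadata, proxy_base=PROXY_BASE):
    """Return the sorted, de-duplicated download URLs that do not resolve under proxy_base."""
    base = urlsplit(proxy_base)
    bypassing = set()
    for raw in iter_file_urls(metadata):
        # Relative URLs are resolved against the proxy base before comparison.
        url = urlsplit(urljoin(proxy_base, raw))
        same_origin = (url.scheme, url.hostname, url.port) == (base.scheme, base.hostname, base.port)
        if not (same_origin and url.path.startswith(base.path)):
            bypassing.add(raw)
    return sorted(bypassing)


if __name__ == "__main__":
    for url in urls_bypassing_proxy(SAMPLE):
        print("not served by proxy:", url)
```

In an environment where build hosts are only allowed to reach the repository manager, any URL this reports is a download that will either fail or leave the controlled path.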