Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
2.14.18, 3.25.0
-
3
Description
Some repos may be configured to return a 401 status code in place of a 404 status code when a remote file does not exist:
https://developer.atlassian.com/server/framework/atlassian-sdk/atlassian-maven-repositories-2818705/
curl -I https://packages.atlassian.com/mvn/maven-external/some/package/that/does/not/exist/maven-metadata.xml HTTP/1.1 401 Unauthorized Date: Wed, 29 Jul 2020 16:32:19 GMT Content-Type: application/json;charset=ISO-8859-1 Server: globaledge-envoy X-Artifactory-Id: 045ce620148e539cf3916c4601f9830a547e86a7 X-Artifactory-Node-Id: i-0c4a49204850cdac6 Www-Authenticate: Basic realm="Artifactory Realm" X-Envoy-Upstream-Service-Time: 861 Expect-Ct: report-uri="https://web-security-reports.services.atlassian.com/expect-ct-report/artifactory", max-age=86400 X-Logging-Id: de80cf70-1d63-429c-a0f6-b8babadad1b2 Strict-Transport-Security: max-age=63072000; preload X-Content-Type-Options: nosniff X-Xss-Protection: 1; mode=block Transfer-Encoding: chunked
A 401 status code will automatically block a repo.
Expected
The latest status codes that will auto-block are defined in NEXUS-9508
NXRM auto-blocks when:
- 5xx responses from the server
- 401 response
- 407 response
- Exceptions as currently handled.
Provide a setting per proxy repository that can augment/redefine what status codes will auto-block a proxy repository. ie. specify that 401 will not.
Attachments
Issue Links
- is related to
-
NEXUS-9508 Nexus auto-blocks repositories too aggressively
-
- Closed
-
- relates
-
NEXUS-27644 Auto blocking may not work reliably for remotes which HTTP redirect or where Remote URL base path access is not allowed
-
- New
-
-
NEXUS-16539 Nexus 3 does not auto-block on 401 responses from https://maven.oracle.com
-
- Closed
-