Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-27075

duplicated outbound HTTP headers for Docker requests

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.29.2
    • Fix Version/s: None
    • Component/s: Docker
    • Labels:
      None
    • Notability:
      n/a

      Description

      When a Docker proxy repository makes an outbound request for a manifest, duplicate HTTP headers are present. Example:

      2021-03-23 05:28:23,939-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> GET /v2/library/ubuntu/manifests/latest HTTP/1.1
      2021-03-23 05:28:23,940-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> If-Modified-Since: Mon, 22 Mar 2021 18:16:51 GMT
      2021-03-23 05:28:23,940-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> If-None-Match: "sha256:b4f9e18267eb98998f6130342baacaeb9553f136142d40959a1b46d6401f0f2b"
      2021-03-23 05:28:23,940-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.v2+json
      2021-03-23 05:28:23,941-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.v1+prettyjws
      2021-03-23 05:28:23,941-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.v1+json
      2021-03-23 05:28:23,941-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/json
      2021-03-23 05:28:23,942-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.list.v2+json
      2021-03-23 05:28:23,942-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.list.v2+json
      2021-03-23 05:28:23,942-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.oci.image.index.v1+json
      2021-03-23 05:28:23,943-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.oci.image.manifest.v1+json
      2021-03-23 05:28:23,943-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.v2+json
      2021-03-23 05:28:23,944-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/vnd.docker.distribution.manifest.v1+prettyjws
      2021-03-23 05:28:23,944-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept: application/json
      2021-03-23 05:28:23,944-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Host: registry-1.docker.io
      2021-03-23 05:28:23,945-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Connection: Keep-Alive
      2021-03-23 05:28:23,945-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> User-Agent: Nexus/3.29.2-02 (PRO; Mac OS X; 10.16; x86_64; 1.8.0_252)
      2021-03-23 05:28:23,945-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Accept-Encoding: gzip,deflate
      2021-03-23 05:28:23,946-0300 DEBUG [qtp789441735-281] admin org.apache.http.headers - http-outgoing-6 >> Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsIng1YyI6...
      

      Duplicate headers noticed include:

      • Accept: application/vnd.docker.distribution.manifest.list.v2+json
      • Accept: application/vnd.docker.distribution.manifest.v1+prettyjws
      • Accept: application/vnd.docker.distribution.manifest.v2+json
      • Accept: application/json

      There is no known legitimate reason that NXRM needs to send duplicate outbound Accept headers.

      It appears this is not currently causing a problem downstream - it is just wasteful and does not match what a Docker client would send.

      Expected

      Do not duplicate outbound headers unless there is a reason.

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Rich Seddon Rich Seddon
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Date of First Response:

                tigCommentSecurity.panel-title