Details
- Type: Bug
- Resolution: Unresolved
- Priority: Major
- None
- 3.33.0
- 3
- 3
Description
Currently, when proxying to an AWS S3-backed remote such as Git package registries, the request to the remote fails because S3 returns the following HTTP 400 response:
Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified
When a successfully authenticated request is sent to the Git package registry, the registry responds with a redirect to an S3 location. This location URL already includes an X-Amz-Algorithm query parameter; however, Nexus also includes the Authorization header in the redirected request to S3. As S3 accepts only one auth mechanism (the X-Amz-Algorithm parameter or the Authorization header, not both), it rejects the request with the above message.
As an example of this issue, please refer to https://issues.sonatype.org/browse/NEXUS-23750
Expected
For these types of remotes, an option should exist across formats that allows an admin to select whether headers such as Authorization are included in redirected requests, e.g. through an allow/deny list.
NEXUS-23750 implements a solution for npm proxies where the auth header is removed; however, a redirected location could potentially require an auth header, so the option should be made configurable.
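The failure described above and the configurable policy requested here, modelled as an added example (this is not Nexus code and does not reflect how Nexus implements redirect handling). The registry URL, the presigned S3 URL, the bearer token and the host allow list are all constructed placeholders; the "one auth mechanism" rule is a simplified model of the S3 behaviour quoted in the description. Beyond the presigned-URL case, the policy also drops Authorization whenever a redirect leaves the original host and the new host is not on the admin allow list, since replaying registry credentials to a third-party host would leak them.

```python
from urllib.parse import urlsplit, parse_qs

# Query parameters S3 treats as an authentication mechanism on a presigned URL
# (names taken from the error message quoted in the issue).
S3_QUERY_AUTH_PARAMS = ("X-Amz-Algorithm", "Signature")

# Constructed, hypothetical URLs for the walk-through (not real endpoints).
REGISTRY_URL = "https://npm.pkg.example/download/@org/pkg/1.0.0/abc123"
PRESIGNED_URL = (
    "https://pkg-bucket.s3.example/objects/abc123"
    "?X-Amz-Algorithm=AWS4-HMAC-SHA256"
    "&X-Amz-Credential=EXAMPLEKEY%2F20240101%2Fus-east-1%2Fs3%2Faws4_request"
    "&X-Amz-Expires=300&X-Amz-Signature=0000deadbeef"
)


def s3_auth_mechanisms(url, headers):
    """List the auth mechanisms S3 would see: query-string auth params plus the Authorization header."""
    query = parse_qs(urlsplit(url).query)
    mechanisms = [p for p in S3_QUERY_AUTH_PARAMS if p in query]
    if any(name.lower() == "authorization" for name in headers):
        mechanisms.append("Authorization")
    return mechanisms


def simulated_s3_response(url, headers):
    """Simplified model of S3's rule: more than one mechanism -> HTTP 400 with the quoted message."""
    if len(s3_auth_mechanisms(url, headers)) > 1:
        return 400, ("Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, "
                     "Signature query string parameter or the Authorization header should be specified")
    return 200, "OK"


def naive_redirect_headers(headers):
    """Behaviour the issue describes: every header, Authorization included, is replayed to the redirect target."""
    return dict(headers)


def policy_redirect_headers(original_url, location, headers, auth_host_allowlist=frozenset()):
    """Decide which request headers to replay after a redirect.

    Authorization is dropped when
      * the Location already carries S3 query-string auth (a presigned URL), or
      * the redirect leaves the original host and the new host is not on the
        admin-configured allow list (hypothetical setting modelling the requested option).
    """
    orig_host = urlsplit(original_url).hostname
    new_host = urlsplit(location).hostname
    forwarded = {k: v for k, v in headers.items() if k.lower() != "authorization"}
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        return forwarded
    presigned = any(p in parse_qs(urlsplit(location).query) for p in S3_QUERY_AUTH_PARAMS)
    same_host = orig_host == new_host
    if not presigned and (same_host or new_host in auth_host_allowlist):
        forwarded["Authorization"] = auth
    return forwarded


def walkthrough():
    """Replay the exchange from the issue: registry 302 -> presigned S3 URL, with and without the policy."""
    request_headers = {"Authorization": "Bearer EXAMPLE_TOKEN",  # constructed placeholder credential
                       "Accept": "application/octet-stream"}
    naive_status, _ = simulated_s3_response(PRESIGNED_URL, naive_redirect_headers(request_headers))
    policy_status, _ = simulated_s3_response(
        PRESIGNED_URL, policy_redirect_headers(REGISTRY_URL, PRESIGNED_URL, request_headers))
    return {"naive": naive_status, "policy": policy_status}


if __name__ == "__main__":
    print(walkthrough())
```

The allow list is the knob the issue asks for: an admin who knows a particular redirect target legitimately needs the registry credential adds that host, and every other cross-host redirect is sent without it.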
Attachments
Issue Links
- is related to: NEXUS-23750 Does not support npm GitHub Package Registry (Closed)