  1. Dev - Nexus Repo
  2. NEXUS-28591

Support proxying of S3 backed remotes such as Git Package Registries

    Details

    • Type: Bug
    • Status: New
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.33.0
    • Fix Version/s: None
    • Component/s: Proxy Repository
    • Labels:
    • Notability:
      3

      Description

      Currently when proxying to an AWS S3 backed remote such as Git package registries, the request to the remote will fail due to S3 returning the following HTTP 400 response:

      Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified 

      When a successfully authenticated request is sent to the Git package registry, a redirect to an S3 location occurs. This location URL includes an X-Amz-Algorithm query param; however, Nexus also includes the Authorization header in the redirected request to S3. As S3 expects only one auth method (X-Amz-Algorithm param or Auth header), it fails the request with the above message.

      As an example of this issue, please refer to https://issues.sonatype.org/browse/NEXUS-23750

      Expected

      For these types of remotes, an option should exist across formats that allows an admin to select whether headers such as Authorization should or should not be included in redirected requests, e.g. through an allow/deny list.

      NEXUS-23750 implements a solution for npm proxies where the auth header is removed. However, the potential could exist for a redirected location to require an auth header, so the option should be made configurable.
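
The configurable behaviour requested above, sketched as an added example (not Nexus code): a function that decides which headers follow a redirect. The names `headers_for_redirect` and `forward_auth_hosts`, the hostnames and the token are assumptions made for illustration, as is the default of dropping Authorization on any cross-origin redirect that is not allow-listed.

```python
from urllib.parse import urljoin, urlsplit, parse_qs

# Query parameters named in the S3 error: when one is present, the URL
# itself already authenticates the request.
QUERY_AUTH_PARAMS = {"x-amz-algorithm", "signature"}


def origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)


def headers_for_redirect(request_url, location, headers, forward_auth_hosts=()):
    """Return (target_url, headers) to use when following a redirect.

    Authorization is dropped when the target URL carries query-string auth,
    or when the target is another origin that is not in forward_auth_hosts
    (hypothetical admin allow list of hosts that do need the header).
    """
    target = urljoin(request_url, location)  # Location may be relative
    parts = urlsplit(target)
    query_keys = {k.lower() for k in parse_qs(parts.query, keep_blank_values=True)}
    presigned = bool(query_keys & QUERY_AUTH_PARAMS)
    allowed = (parts.hostname or "") in {h.lower() for h in forward_auth_hosts}
    same_origin = origin(request_url) == origin(target)
    # Query-string auth always wins: sending both is what S3 rejects with 400.
    keep_auth = not presigned and (same_origin or allowed)
    kept = {k: v for k, v in headers.items()
            if keep_auth or k.lower() != "authorization"}
    return target, kept


# Constructed sample data (hostnames, token and signature are made up).
REGISTRY_URL = "https://registry.example.test/download/pkg/1.0.0/pkg.tgz"
PRESIGNED = ("https://bucket.s3.example.test/pkg.tgz"
             "?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Signature=constructed")
REQUEST_HEADERS = {"Authorization": "Bearer constructed-token", "Accept": "*/*"}

if __name__ == "__main__":
    print(headers_for_redirect(REGISTRY_URL, PRESIGNED, REQUEST_HEADERS))
```
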

              People

              Assignee:
              Unassigned
              Reporter:
              hardeepn Hardeep Nagra
              Last Updated By:
              Michael Oliverio
              Votes:
              0
              Watchers:
              3
