Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-28591

Support proxying of S3 backed remotes such as Git Package Registries


    • Bug
    • Resolution: Unresolved
    • Major
    • None
    • 3.33.0
    • Proxy Repository
    • 3
    • 3


      Currently when proxying to an AWS S3 backed remote such as Git package registries, the request to the remote will fail due to S3 returning the following HTTP 400 response:

      Only one auth mechanism allowed; only the X-Amz-Algorithm query parameter, Signature query string parameter or the Authorization header should be specified 

       When a successfully authenticated request is sent to the Git package registry a redirect to an S3 location occurs. This location URL includes an X-Amz-Algorithm query param, however Nexus also includes the Authorization header in the redirected request to S3 as well. As S3 expects only one auth method (X-Amz-Algorithm param or Auth header), it fails the request with the above message.

      As an example of this issue, please refer to https://issues.sonatype.org/browse/NEXUS-23750


      For these types of remotes, an option should exist across formats that allows an admin to select if headers such as Authorization should/should not be included in redirected requests e.g. Through an allow/deny list. 

      NEXUS-23750 implements a solution for npm proxies where the auth header is removed, however the potential could exist for a redirected location to require an auth header, as such the option should be made configurable.


        Issue Links



              Unassigned Unassigned
              hardeepn Hardeep Nagra
              Michael Oliverio Michael Oliverio
              0 Vote for this issue
              4 Start watching this issue