Nexus stores attributes files under NEXUS_WORK/storage/<repoid>/.nexus/attributes/*
Nexus allows GET requests to these JSON files.
One use case where we have seen attributes file access add value is:
Given a slow connection between Nexus A and B, and there is a very large file to proxy from B, one can check in a non-blocking manner the presence of the large file's attributes file in B by sending a GET request. This request is non-blocking because attributes files are not part of the UID lock for the large file. If the attributes file is present ( 200), this means the large file is ready to begin downloading from the remote. If the attributes file is 404, then one can assume the remote file is not ready to download.
However, one should not normally need direct access to attributes files remotely. In Nexus 3, we could eventually provide a REST API to get attributes or determine in a non-blocking way if a large binary is ready to download.
In the meantime, we are opting to disable downloading attributes file directly. There should be a system property to allow accessing those files though, for example in the use case above.