You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@maven.apache.org by "Michael Osipov (JIRA)" <ji...@apache.org> on 2019/03/19 08:24:00 UTC
[jira] [Commented] (MNG-6614) Maven 3.5 client fails to remove the
authorization header on 303 redirect
[ https://issues.apache.org/jira/browse/MNG-6614?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16795819#comment-16795819 ]
Michael Osipov commented on MNG-6614:
-------------------------------------
Get a most recent Java 8 version, update your Maven version to 3.6.1-SNAPSHOT and provide a full debug log.
> Maven 3.5 client fails to remove the authorization header on 303 redirect
> -------------------------------------------------------------------------
>
> Key: MNG-6614
> URL: https://issues.apache.org/jira/browse/MNG-6614
> Project: Maven
> Issue Type: Bug
> Components: Artifacts and Repositories
> Affects Versions: 3.5.0
> Environment: Windows JDK8u141
> Reporter: Shubham Bhawsinka
> Priority: Major
> Fix For: wontfix-candidate
>
>
> When Maven client tries to get the POM from a private repository and that repository gives a 303 response to see other location, the client keeps the same authorization header in the subsequent redirect. There should be a way to remove that authorization header because there is no need to keep that.
> Some call even fail because that auth header is not valid for the subsequent request. Some storage service like Azure blob hard fails because they don't expect any auth header.
> {noformat}GET <Redirected_location>
> Cache-control: no-cache
> Cache-store: no-store
> Pragma: no-cache
> Expires: 0
> Accept-Encoding: gzip
> Authorization: Basic <redacted>
> Host: <different host than private repo>
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_72){noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)