-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Incomplete
-
Affects Version/s: 3.5.0
-
Fix Version/s: None
-
Component/s: Artifacts and Repositories
-
Labels:None
-
Environment:Windows JDK8u141
When Maven client tries to get the POM from a private repository and that repository gives a 303 response to see other location, the client keeps the same authorization header in the subsequent redirect. There should be a way to remove that authorization header because there is no need to keep that.
Some call even fail because that auth header is not valid for the subsequent request. Some storage service like Azure blob hard fails because they don't expect any auth header.
GET <Redirected_location> Cache-control: no-cache Cache-store: no-store Pragma: no-cache Expires: 0 Accept-Encoding: gzip Authorization: Basic <redacted> Host: <different host than private repo> Connection: Keep-Alive User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_72)