Uploaded image for project: 'Maven'
  1. Maven
  2. MNG-6614

Maven 3.5 client fails to remove the authorization header on 303 redirect

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Incomplete
    • 3.5.0
    • None
    • None
    • Windows JDK8u141

    Description

      When Maven client tries to get the POM from a private repository and that repository gives a 303 response to see other location, the client keeps the same authorization header in the subsequent redirect. There should be a way to remove that authorization header because there is no need to keep that. 

      Some call even fail because that auth header is not valid for the subsequent request. Some storage service like Azure blob hard fails because they don't expect any auth header.

      GET <Redirected_location>
      Cache-control: no-cache
      Cache-store: no-store
      Pragma: no-cache
      Expires: 0
      Accept-Encoding: gzip
      Authorization: Basic <redacted>
      Host: <different host than private repo>
      Connection: Keep-Alive
      User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_72)

      Attachments

        Activity

          People

            Unassigned Unassigned
            shbhawsi Shubham Bhawsinka
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: