Basic auth credentials get re-passed too often #135
Labels
Status: Untriaged
An issue that has yet to be triaged.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Version:
3.0.15
Environment:
JFrog Cloud, access is from a CentOS 7 using Ruby 2.4.3p205, also replicated with 2.6.3p62 on MacOS 10.14.6
Scenario:
In the newest version of JFrog Cloud, artifact downloads often result in a 302 redirect. The redirect is handled by recursing to the redirect location, but the username/password are passed as basic auth credentials every time. When the redirect to AWS S3 is made, amazon interprets those basic auth credentials as s3 authentication and rejects the request with HTTP 400.
This does not happen when using api keys, since S3 does not intercept the custom header. This also doesn't happen with api requests, since those don't seem to trigger redirects.
Steps to Reproduce:
Request an artifact from the newest version of hosted Artifactory with username/password authentication
Expected Result:
An HTTP 200 and successful download
Actual Result:
An HTTP 400 and no payload
The text was updated successfully, but these errors were encountered: