Shubham Bhawsinka created MNG-6614:
--------------------------------------

             Summary: Maven 3.5 client fails to remove the authorization header on 303 redirect
                 Key: MNG-6614
                 URL: https://issues.apache.org/jira/browse/MNG-6614
             Project: Maven
          Issue Type: Bug
          Components: Artifacts and Repositories
    Affects Versions: 3.5.0
         Environment: Windows JDK8u141
            Reporter: Shubham Bhawsinka


When the Maven client tries to get the POM from a private repository and that 
repository gives a 303 response to see the other location, the client keeps the 
same authorization header in the subsequent redirect. There should be a way to 
remove that authorization header because there is no need to keep it. 

Some calls even fail because that auth header is not valid for the subsequent 
request. Some storage services, like Azure Blob, hard fail because they don't 
expect any auth header.

GET <Redirected_location>
Cache-control: no-cache
Cache-store: no-store
Pragma: no-cache
Expires: 0
Accept-Encoding: gzip
Authorization: Basic <redacted>
Host: <different host than private repo>
Connection: Keep-Alive
User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_72)

 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
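
One way a client could decide which headers follow a redirect, shown as an added example that is not part of the original report and is not Maven's or Apache HttpClient's code. The class name, the list of sensitive headers and the hostnames are assumptions made for illustration; only JDK classes are used.

```java
import java.net.URI;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical helper: filters request headers before a redirect is followed.
public class RedirectHeaderFilter {
    // Credential-bearing headers dropped when the redirect leaves the origin (assumed list).
    private static final Set<String> SENSITIVE =
        new HashSet<>(Arrays.asList("authorization", "proxy-authorization"));

    // Port actually used when the URI does not name one.
    static int effectivePort(URI u) {
        if (u.getPort() != -1) return u.getPort();
        return "https".equalsIgnoreCase(u.getScheme()) ? 443 : 80;
    }

    // Same origin means same scheme, host and effective port.
    static boolean sameOrigin(URI a, URI b) {
        return a.getScheme().equalsIgnoreCase(b.getScheme())
            && a.getHost().equalsIgnoreCase(b.getHost())
            && effectivePort(a) == effectivePort(b);
    }

    // Returns the headers that may be sent to the redirect target.
    static Map<String, String> headersForRedirect(URI original, String location,
                                                  Map<String, String> headers) {
        URI target = original.resolve(location);   // Location may be relative
        boolean crossOrigin = !sameOrigin(original, target);
        Map<String, String> out = new LinkedHashMap<>();
        for (Map.Entry<String, String> h : headers.entrySet()) {
            String name = h.getKey().toLowerCase(Locale.ROOT);
            if (name.equals("host")) continue;      // the client sets Host for the new target
            if (crossOrigin && SENSITIVE.contains(name)) continue;
            out.put(h.getKey(), h.getValue());
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: placeholder hosts and paths, not values from the report.
        URI repo = URI.create("https://repo.example.com/maven/com/acme/lib/1.0/lib-1.0.pom");
        Map<String, String> sent = new LinkedHashMap<>();
        sent.put("Accept-Encoding", "gzip");
        sent.put("Authorization", "Basic <redacted>");
        System.out.println(headersForRedirect(repo, "https://blobs.example.net/lib-1.0.pom", sent));
        System.out.println(headersForRedirect(repo, "/maven/mirror/lib-1.0.pom", sent));
    }
}
```

The first call models the 303 to a different host and drops `Authorization`; the second is a relative redirect on the same origin and keeps it.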