[
https://issues.apache.org/jira/browse/MNG-6614?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Osipov closed MNG-6614.
-------------------------------
Resolution: Incomplete
Fix Version/s: (was: wontfix-candidate)
> Maven 3.5 client fails to remove the authorization header on 303 redirect
> -------------------------------------------------------------------------
>
> Key: MNG-6614
> URL: https://issues.apache.org/jira/browse/MNG-6614
> Project: Maven
> Issue Type: Bug
> Components: Artifacts and Repositories
> Affects Versions: 3.5.0
> Environment: Windows JDK8u141
> Reporter: Shubham Bhawsinka
> Priority: Major
>
> When Maven client tries to get the POM from a private repository and that
> repository gives a 303 response to see other location, the client keeps the
> same authorization header in the subsequent redirect. There should be a way
> to remove that authorization header because there is no need to keep that.
> Some call even fail because that auth header is not valid for the subsequent
> request. Some storage service like Azure blob hard fails because they don't
> expect any auth header.
> {noformat}GET <Redirected_location>
> Cache-control: no-cache
> Cache-store: no-store
> Pragma: no-cache
> Expires: 0
> Accept-Encoding: gzip
> Authorization: Basic <redacted>
> Host: <different host than private repo>
> Connection: Keep-Alive
> User-Agent: Apache-HttpClient/4.5.2 (Java/1.8.0_72){noformat}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
