Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-12421

PyPi repositories may ignore the the override base url

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: High
    • Resolution: Fixed
    • Affects Version/s: 4.11.0, 4.12.0, 4.13.0, 5.3.0
    • Fix Version/s: 6.1.0
    • Component/s: PyPI
    • Labels:
      None
    • Sprint:
      Leap 32

      Description

      PyPi repositories may ignore the the override base url. This can cause replication issues, among others. This is particularly harmful if there is no context URL. This will also convert HTTPS to HTTP. To reproduce:

      1. Use a reverse proxy configuration without a public context
      2. Create a PyPi repository called pypi-bld-qa-local
      3. Curl with verbose to see the redirect URL, for example:
      curl -vXGET -u admin:password http://localhost/api/pypi/pypi-bld-qa-local/simple/algn

      Notice the header:

          proxy_set_header    X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host;
      

      Notice a good call:

      curl -vXGET -u admin:password http://localhost/pypi-bld-qa-local
      ...
      < HTTP/1.1 302 Found
      ...
      < Location: http://localhost/pypi-bld-qa-local/
      

      Notice the bad PyPi call:

      curl -vXGET -u admin:password http://localhost/api/pypi/pypi-bld-qa-local/simple/algn
      ...
      < HTTP/1.1 301 Moved Permanently
      ...
      < Location: http://localhost/artifactory/api/pypi/pypi-bld-qa-local/simple/algn/
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Dudim Dudi Morad (Inactive)
                Reporter:
                arturoa Arturo Aparicio
              • Votes:
                6 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: