Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-18398

Use correct header to decide the npm metadata format. And verify the format.

    Details

    • Type: Bug
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      Currently we are using the referer header of the npm install to decide weather to return the full metadata or a shorter version.

      This should be changed to the referer header.

      See bellow:

      You can request package metadata from this endpoint:

      GET https://registry.npmjs.org/:package

      The registry responds with a JSON-formatted string containing metadata for the package named, either in full or abbreviated form depending on what you request in the Accept header. If you provide no Accept header, the full document is returned. To request an abbreviated document with only the fields required to support installation, set the Accept header in your request to the following string:

      application/vnd.npm.install-v1+json

      A more typical accept header might request json as a fallback, like this:

      application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, /

      See:
      https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md

      Example of request headers the client actually send on install:
      GET /artifactory/api/npm/npmjs/npm-proxy

      accept : application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*
      accept-encoding : gzip,deflate
      authorization : Basic *****
      connection : keep-alive
      host : repo.jfrog.io:443
      npm-in-ci : false
      npm-scope : 
      npm-session : 4ea9d043dddc24f2
      pacote-pkg-id : registry:manifest
      pacote-req-type : packument
      referer : install npm-proxy
      user-agent : npm/6.4.1 node/v11.5.0 darwin x64
      
      

      See curl:

      curl 'https://repo.jfrog.io:443/artifactory/api/npm/npmjs/npm-proxy' -H 'connection: keep-alive' -H 'user-agent: npm/6.4.1 node/v11.5.0 darwin x64' -H 'npm-in-ci: false' -H 'npm-scope: ' -H 'npm-session: 9d7d19f5aa38848b' -H 'referer: install npm-proxy' -H 'pacote-req-type: packument' -H 'pacote-pkg-id: registry:manifest' -H 'accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*' -H 'authorization: ***' -H 'if-none-match: d839dc31e1f77bd91d01cbbd5e04cae8e868e4a7' -H 'accept-encoding: gzip,deflate' --compressed --insecure
      

      You can try removing the accept header and see the response is getting larger.

      Please see that we comply with the same response format with npm official registry for the short version.

      See:
      RTFACT-17650

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                galba Gal Ben Ami
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: