Artifactory remote repositories are making redundant GET requests when you enable Bypass HEAD requests. For example with NPM remote repository if you enable Bypass HEAD requests in remote repo settings, the Remote repository ends up making two identical GET requests for the same package. The two GET requests are seen for both metadata and the actual tarball package as well.
Artifactory version - 6.X
Please note that the two GET requests Artifactory is making cannot be seen in the Artifactory request logs. You will need a proxy server to capture the transactions from Artifactory to the upstream npmjs, which will show the two GET requests. I have attached a screenshot of the charles proxy console showing the redundant GET requests.
This issue affects anyone who is using Bypass HEAD requests option in the NPM remote repositories, as we are now sending double the number of requests to the upstream npmjs.
Making two GET requests for the same binary is not good, as you could be in a situation where one GET request could hit a CDN cache that has the updated metadata and the second GET could hit a CDN cache that has older metadata. CDN caches being out of sync is something that can happen and lead to inconsistencies in Artifactory when making multiple GET requests for the same binary or metadata.
Steps to Reproduce:
- Create a NPM remote repository. In Advanced settings page please enable Bypass Head requests
- Now have a forward proxy, so that you can monitor every request going out of Artifactory.
- Try installing a NPM package and you will notice in the Proxy logs that Artifactory is making two GET requests for metadata of the package and also for the actual tarball as well