Recently, a header was added to Artifactory which allows a local client to use a header to determine if Artifactory returns an S3, CloudFront, or direct download URL. This is the "X-JFrog-Download-Redirect-To" header that was added in RTFACT-25145.
Currently, this header works for direct Artifactory URLs, for example a GET to example-repo/example-file.zip will properly handle the header.
However, paths which insert an "api" such as api/npm, api/pypi, api/go do not handle the header, and instead return only a CloudFront URL.
This presents a problem for users who want inject the redirect header using a reverse proxy.
Although local clients such as NPM or PyPi don't support adding additional headers directly, inserting a header using a reverse proxy layer is still possible.
|-------- Build Server -------||----
NPM / PyPi Client ---> Nginx ---> Internal Network ---> Nginx ---> Artifactory
Adding this feature allows users to have cheaper S3 downloads if both Artifactory and the build server are hosted in AWS, while still allowing CloudFront and direct downloads externally.
What is the expected behavior?
Regardless of context, Artifactory handles the "X-JFrog-Download-Redirect-To" header. It either produces an S3 URL if "S3" is passed, or it uses a CloudFront URL if "CF" is passed.