[
https://issues.apache.org/jira/browse/MNG-7719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17696550#comment-17696550
]
Slawomir Jaranowski edited comment on MNG-7719 at 3/5/23 10:09 AM:
-------------------------------------------------------------------
Testing: {{MAVEN_OPTS=-Dorg.slf4j.simpleLogger.log.org.apache.http=DEBUG mvn
deploy -X}}
h2. With snapshot
first request:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package
Registry"
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC0C:DC2EEC:64045E13
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Authentication required
{noformat}
Next:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Content-Type: application/xml
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Transfer-Encoding: chunked
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC19:DC2EF9:64045E13
[DEBUG] Connection can be kept alive indefinitely
{noformat}
And for put we have {{OPTIONS}} first
{noformat}
[DEBUG] http-outgoing-0 >> OPTIONS
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD,
OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:08 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC57:DC2F3F:64045E14
{noformat}
And finally {{PUT}} with authorization
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OKom (2.1 kB)
[DEBUG] http-outgoing-0 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:09 GMT
[DEBUG] http-outgoing-0 << Content-Length: 84
[DEBUG] http-outgoing-0 << Content-Type: text/plain; charset=utf-8
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC64:DC2F4E:64045E14
{noformat}
h2. With release version
First request {{OPTION}} without auth return *200*
{noformat}
[DEBUG] http-outgoing-0 >> OPTIONS
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD,
OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:32:51 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 9759:0643:E94489:F2C289:640461C3
{noformat}
First {{PUT}} returns *401*
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-0 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package
Registry"
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:32:51 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 9759:0643:E94494:F2C298:640461C3
{noformat}
Next {{PUT}} returns *400*
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 400 Bad Request
[DEBUG] http-outgoing-0 << Cache-Control: no-cache
[DEBUG] http-outgoing-0 << Content-Type: text/html; charset=utf-8
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: deny
[DEBUG] http-outgoing-0 << X-XSS-Protection: 0
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
style-src 'unsafe-inline'
[DEBUG] http-outgoing-0 << connection: close
{noformat}
And other {{PUT}} returns *409* - it is ok I had such artifact from previous
tests
{noformat}
[DEBUG] http-outgoing-1 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.jar HTTP/1.1
[DEBUG] http-outgoing-1 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-1 >> Pragma: no-cache
[DEBUG] http-outgoing-1 >> Expect: 100-continue
[DEBUG] http-outgoing-1 >> Content-Length: 1874
[DEBUG] http-outgoing-1 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-1 >> Connection: Keep-Alive
[DEBUG] http-outgoing-1 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-1 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-1 >> Authorization: Basic xxx
[DEBUG] http-outgoing-1 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-1 << HTTP/1.1 409 Conflict
[DEBUG] http-outgoing-1 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-1 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-1 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-1 << Content-Type: text/plain; charset=utf-8
[DEBUG] http-outgoing-1 << Server: GitHub Registry
[DEBUG] http-outgoing-1 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-1 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-1 << X-Frame-Options: DENY
[DEBUG] http-outgoing-1 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-1 << Date: Sun, 05 Mar 2023 09:32:55 GMT
[DEBUG] http-outgoing-1 << Content-Length: 80
[DEBUG] http-outgoing-1 << X-GitHub-Request-Id: 975A:3206:E6B3EE:F02417:640461C6
{noformat}
was (Author: slawekjaranowski):
Testing: {{MAVEN_OPTS=-Dorg.slf4j.simpleLogger.log.org.apache.http=DEBUG mvn
deploy -X}}
h2. With snapshot
first request:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package
Registry"
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC0C:DC2EEC:64045E13
[DEBUG] Connection can be kept alive indefinitely
[DEBUG] Authentication required
{noformat}
Next:
{noformat}
[DEBUG] http-outgoing-0 >> GET
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/maven-metadata.xml HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: GET, HEAD, OPTIONS
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Content-Type: application/xml
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:07 GMT
[DEBUG] http-outgoing-0 << Transfer-Encoding: chunked
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC19:DC2EF9:64045E13
[DEBUG] Connection can be kept alive indefinitely
{noformat}
And for put we have {{OPTIONS}} first
{noformat}
[DEBUG] http-outgoing-0 >> OPTIONS
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD,
OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:08 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC57:DC2F3F:64045E14
{noformat}
And finally {{PUT}} with authorization
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6-SNAPSHOT/test-1.6-20230305.091705-6.pom
HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OKom (2.1 kB)
[DEBUG] http-outgoing-0 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:17:09 GMT
[DEBUG] http-outgoing-0 << Content-Length: 84
[DEBUG] http-outgoing-0 << Content-Type: text/plain; charset=utf-8
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 96F3:5E81:D2DC64:DC2F4E:64045E14
{noformat}
h2. With release version
First request {{OPTION}} without auth return *200*
{noformat}
[DEBUG] http-outgoing-0 >> OPTIONS
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 200 OK
[DEBUG] http-outgoing-0 << access-control-allow-methods: DELETE, GET, HEAD,
OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:32:51 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 9759:0643:E94489:F2C289:640461C3
{noformat}
First {{PUT}} returns *401*
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 << HTTP/1.1 401 Unauthorized
[DEBUG] http-outgoing-0 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-0 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-0 << Server: GitHub Registry
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-0 << www-authenticate: Basic realm="GitHub Package
Registry"
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: DENY
[DEBUG] http-outgoing-0 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-0 << Date: Sun, 05 Mar 2023 09:32:51 GMT
[DEBUG] http-outgoing-0 << Content-Length: 0
[DEBUG] http-outgoing-0 << X-GitHub-Request-Id: 9759:0643:E94494:F2C298:640461C3
{noformat}
Next {{PUT}} returns *400*
{noformat}
[DEBUG] http-outgoing-0 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.pom HTTP/1.1
[DEBUG] http-outgoing-0 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-0 >> Pragma: no-cache
[DEBUG] http-outgoing-0 >> Expect: 100-continue
[DEBUG] http-outgoing-0 >> Content-Length: 2089
[DEBUG] http-outgoing-0 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-0 >> Connection: Keep-Alive
[DEBUG] http-outgoing-0 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-0 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-0 >> Authorization: Basic xxx
[DEBUG] http-outgoing-0 << HTTP/1.1 400 Bad Request
[DEBUG] http-outgoing-0 << Cache-Control: no-cache
[DEBUG] http-outgoing-0 << Content-Type: text/html; charset=utf-8
[DEBUG] http-outgoing-0 << Strict-Transport-Security: max-age=31536000
[DEBUG] http-outgoing-0 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-0 << X-Frame-Options: deny
[DEBUG] http-outgoing-0 << X-XSS-Protection: 0
[DEBUG] http-outgoing-0 << Content-Security-Policy: default-src 'none';
style-src 'unsafe-inline'
[DEBUG] http-outgoing-0 << connection: close
{noformat}
And other {{PUT}} returns *409*
{noformat}
[DEBUG] http-outgoing-1 >> PUT
/slawekjaranowski/test/test/test/1.6/test-1.6.jar HTTP/1.1
[DEBUG] http-outgoing-1 >> Cache-Control: no-cache, no-store
[DEBUG] http-outgoing-1 >> Pragma: no-cache
[DEBUG] http-outgoing-1 >> Expect: 100-continue
[DEBUG] http-outgoing-1 >> Content-Length: 1874
[DEBUG] http-outgoing-1 >> Host: maven.pkg.github.com
[DEBUG] http-outgoing-1 >> Connection: Keep-Alive
[DEBUG] http-outgoing-1 >> User-Agent: Apache-Maven/3.9.0 (Java 17.0.6; Mac OS
X 12.6.3)
[DEBUG] http-outgoing-1 >> Accept-Encoding: gzip,deflate
[DEBUG] http-outgoing-1 >> Authorization: Basic xxx
[DEBUG] http-outgoing-1 << HTTP/1.1 100 Continue
[DEBUG] http-outgoing-1 << HTTP/1.1 409 Conflict
[DEBUG] http-outgoing-1 << access-control-allow-methods: OPTIONS, PUT
[DEBUG] http-outgoing-1 << Access-Control-Allow-Origin: *
[DEBUG] http-outgoing-1 << Content-Security-Policy: default-src 'none';
[DEBUG] http-outgoing-1 << Content-Type: text/plain; charset=utf-8
[DEBUG] http-outgoing-1 << Server: GitHub Registry
[DEBUG] http-outgoing-1 << Strict-Transport-Security: max-age=31536000;
[DEBUG] http-outgoing-1 << X-Content-Type-Options: nosniff
[DEBUG] http-outgoing-1 << X-Frame-Options: DENY
[DEBUG] http-outgoing-1 << X-XSS-Protection: 1; mode=block
[DEBUG] http-outgoing-1 << Date: Sun, 05 Mar 2023 09:32:55 GMT
[DEBUG] http-outgoing-1 << Content-Length: 80
[DEBUG] http-outgoing-1 << X-GitHub-Request-Id: 975A:3206:E6B3EE:F02417:640461C6
{noformat}
> Maven 3.9.0 native http transport ignores username/password for basic auth
> --------------------------------------------------------------------------
>
> Key: MNG-7719
> URL: https://issues.apache.org/jira/browse/MNG-7719
> Project: Maven
> Issue Type: Improvement
> Components: Core, Deployment
> Affects Versions: 3.9.0
> Reporter: Adam Gent
> Priority: Major
> Fix For: waiting-for-feedback
>
>
> In 3.9.0 the default maven http transport switched from wagon to native.
> It appears that the native transport does not respect:
> {code:xml}
> <server>
> <id>some-repo</id>
> <username>some-username</username>
> <password>basic-auth-password</password>
> </server>
> {code}
> Now when you do a mvn deploy to some-repo the basic auth headers are missing.
> This is probably causing github package problems:
> https://github.com/orgs/community/discussions/49001
> -----
> The issue appears to be that the native client respects Basic Auth Challenges
> and our server did not do that (it never sends the WWW-Authenticate) as the
> original Wagon HTTP transport did not need it.
> The wagon version will always send the credentials on PUT and POST but no
> credentials on GET of maven metadata.
> The wagon version basically is like a header API key when doing basic auth
> instead of the true basic auth workflow.
> For whatever reason I removed the WWW-Authenticate header probably for
> security reasons.
> Since the native client is doing technically the right thing this is not a
> bug however it would be nice if there was some option to revert to the old
> behavior as it does save a round trip on PUT (a 401 needs to happen with the
> header before native will send credentials).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
