[英]Cannot access a private repository in gem-fury
I've setup a private composer repository via gem-fury, but when I'm trying to download one of the packages (using composer-require) I receive the following error: 我已经通过gem-fury建立了一个私有的composer存储库,但是当我尝试下载其中一个软件包(使用composer-require)时,出现以下错误:
[Composer\Downloader\TransportException]
The 'https://s3.amazonaws.com:443/gemfury/gems/[SOME_STRING]/[VENDOR][PACKAGE]_[VERSION]_zip?Signature=SIGNATURE&Expires=1481739039&AWSAccessKeyId=[AWS_ACCESS_KEY]' URL could not be accessed: HTTP/1.1 400 Bad Request
PS I know that the authentication worked because composer does receive the package.json file (the latest version is recognized) PS我知道身份验证有效,因为作曲家确实收到package.json文件(可以识别最新版本)
Any help would be appretiated 任何帮助将不胜感激
Short answer : You may see this issue if you are using auth.json
to store your Gemfury token. 简短答案 :如果您使用auth.json
存储Gemfury令牌,则可能会看到此问题。 At this time, the only way to work around this issue is to embed the token directly into your repository URL in composer.json
. 目前,解决此问题的唯一方法是将令牌直接嵌入composer.json
的存储库URL中。
Long answer : The reason it doesn't work is due to a bug in Composer CLI. 长答案 :不起作用的原因是由于Composer CLI中的错误。 In that particular use-case, when Composer acts on Gemfury's redirect from your private php.fury.io
repo to a secure S3 download, it includes the Authorization
header with your Gemfury token. 在该特定用例中,当Composer执行Gemfury从您的私人php.fury.io
库到安全S3下载的重定向时,它将包括带有您的Gemfury令牌的Authorization
标头。 This header conflicts with S3's authentication model, and results in a 400 Bad Request
response. 此标头与S3的身份验证模型冲突,并导致400 Bad Request
响应。
Resending Authorization
header on a redirect from one host to another is a fairly significant security concern, and I recommend you reset your Gemfury token and stop using auth.json
authentication method until this issue is resolved. 在从一台主机到另一台主机的重定向上重新发送Authorization
标头是一个相当重要的安全问题,我建议您重置Gemfury令牌并停止使用auth.json
身份验证方法,直到解决此问题为止。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.