Cannot access a private repository in gem-fury
Question
I've setup a private composer repository via gem-fury, but when I'm trying to download one of the packages (using composer-require) I receive the following error:
[Composer\Downloader\TransportException]
The 'https://s3.amazonaws.com:443/gemfury/gems/[SOME_STRING]/[VENDOR][PACKAGE]_[VERSION]_zip?Signature=SIGNATURE&Expires=1481739039&AWSAccessKeyId=[AWS_ACCESS_KEY]' URL could not be accessed: HTTP/1.1 400 Bad Request
PS I know that the authentication worked because composer does receive the package.json file (the latest version is recognized)
Any help would be appretiated
1 answers
solution1
1 ACCPTED 2017-02-07 09:43:08
Short answer : You may see this issue if you are using auth.json to store your Gemfury token. At this time, the only way to work around this issue is to embed the token directly into your repository URL in composer.json .
Long answer : The reason it doesn't work is due to a bug in Composer CLI. In that particular use-case, when Composer acts on Gemfury's redirect from your private php.fury.io repo to a secure S3 download, it includes the Authorization header with your Gemfury token. This header conflicts with S3's authentication model, and results in a 400 Bad Request response.
Resending Authorization header on a redirect from one host to another is a fairly significant security concern, and I recommend you reset your Gemfury token and stop using auth.json authentication method until this issue is resolved.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.