NuGet should not retry HTTP requests on 401 unauthorized or 403 access denied responses from private feeds #12981
Labels
Area:Authentication
Functionality:Restore
Functionality:SDK
The NuGet client packages published to nuget.org
Functionality:Search
Functionality:VisualStudioUI
Partner:VS-Other
Priority:3
Issues under consideration. With enough upvotes, will be reconsidered to be added to the backlog.
Product:dotnet.exe
Product:NuGet.exe
NuGet.exe
Type:DCR
Design Change Request
Comments
kartheekp-ms
added
Functionality:SDK
jeffkl
added
the
Priority:3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
NuGet Product(s) Affected
NuGet.exe, Visual Studio Package Management UI, Visual Studio Package Manager Console, MSBuild.exe, dotnet.exe, NuGet SDK
Current Behavior
In the NuGet Client repository, when NuGet attempts to fetch a service index for a feed and the server responds with a 401 unauthorized message or 403 access denied message, the current implementation unnecessarily retries the request. Specifically, if enhanced retry is enabled (which seems to be the default setting), the request is retried 5 times. Otherwise, it's retried 2 times.
Desired Behavior
The HttpSourceAuthenticationHandler already has its own retry logic if credentials are required to access a private feed. Therefore, retrying an additional 5 times won't change the feed's response and only adds unnecessary load to private feed servers. I propose that we eliminate retries when a private feed response returns a 401 unauthorized or 403 access denied error.
Additional Context
No response
The text was updated successfully, but these errors were encountered: