Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] No auth for URI, but auth present for scoped registry #3134

Closed
glen-84 opened this issue Apr 23, 2021 · 7 comments
Closed

[BUG] No auth for URI, but auth present for scoped registry #3134

glen-84 opened this issue Apr 23, 2021 · 7 comments
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release

Comments

@glen-84
Copy link

glen-84 commented Apr 23, 2021
edited
Loading

Current Behavior:

Getting:

No auth for URI, but auth present for scoped registry

.npmrc:

@x:registry=https://gitlab.com/api/v4/packages/npm/
//gitlab.com/api/v4/packages/npm/:_authToken=${GITLAB_NPM_TOKEN}

I read the wiki page, but I think that the tarballs are on the same host (https://gitlab.com). This is working with npm 7.10.0.

Expected Behavior:

No errors – auth should be available on the same host.

Steps To Reproduce:

Use the GitLab private registry with configuration similar to the above. I can provide more details if necessary.

Environment:

  • OS: Windows 10
  • Node: 14.16.1
  • npm: 7.11.0
@glen-84 glen-84 added Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release labels Apr 23, 2021
@nlf
Copy link
Contributor

nlf commented Apr 23, 2021

the error does not indicate that the host is different, but that the source of the data does not match your registry. it means that unless the uri to the tarball exists at some path that starts with https://gitlab.com/api/v4/packages/npm/ then we do not send authentication to it.

this is an effort to avoid sending authentication headers to addresses unless we are absolutely certain they match your provided registry.

did the logged error include the url that it attempted to fetch? if so, you can use that to determine what an additional entry in your .npmrc may need to look like to authenticate tarball requests as well.

@glen-84
Copy link
Author

glen-84 commented Apr 23, 2021

Ah, I see. There are a few references to host in that wiki article, so I was misdirected.

The URL is: https://gitlab.com/api/v4/projects/{projectId}/packages/npm/@x....

So I guess I need to add:

//gitlab.com/api/v4/projects/:_authToken=${GITLAB_NPM_TOKEN}

Please consider listing such breaking changes in a separate section of the changelog. The item under DEPENDENCIES is not very noticeable. 🙂

Thanks.

@glen-84
Copy link
Author

glen-84 commented Apr 23, 2021

One question: Could you just use a common prefix instead, if the origin is the same?

f.e. //gitlab.com/api/v4 covers both.

@JaxonWright
Copy link

I think this is the same as #3130

@glen-84
Copy link
Author

glen-84 commented Apr 23, 2021

I saw that issue, and I don't think that it's the same.

@isaacs
Copy link
Contributor

isaacs commented Apr 23, 2021

#3130 is two problems. This is the same as one of them, but not the other ;)

Going to have a fix going out shortly.

@glen-84
Copy link
Author

glen-84 commented Apr 24, 2021

This appears to be fixed in 7.11.1. Thanks.

@glen-84 glen-84 closed this as completed Apr 24, 2021
@habemuscode habemuscode mentioned this issue Jan 4, 2023
Open
@zkochan zkochan mentioned this issue Jun 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug thing that needs fixing Needs Triage needs review for next steps Release 7.x work is associated with a specific npm 7 release
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@isaacs @glen-84 @nlf @JaxonWright