Package URLs do not accept HTTP HEAD requests due to S3 permissions

HEAD requests directly to package URLs return with a HTTP 403 (forbidden) response. This issue prevents anyone from being able to proxy the conda-forge channel through an Artifactory remote repository (similar to this Artifactory issue), which can be very useful in trying to promote adoption of these tools in a large enterprise.

Here’s an example response to the curl command similar to the one Artifactory uses with remote repositories:

curl -IL "https://conda.anaconda.org/conda-forge/linux-64/addict-1.0.0-py27_0.tar.bz2"
...

HTTP/1.1 403 Forbidden
x-amz-request-id: 49E707D600FB81F4
x-amz-id-2: M42ecmMl6QFVbE6I5UOdMrYr4vmuW9Bke+eWGX3ynK6VZjZto54YgibtpmO33xAfOK3i8HUuuD8=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 13 Jun 2017 03:13:26 GMT
Server: AmazonS3

According to the S3 docs on this,

if you don’t have the s3:ListBucket permission, Amazon S3 will return a HTTP status code 403 (“access denied”) error.

Would it be possible to have these permissions added in S3 to allow HEAD requests to go through?