Package URLs do not accept HTTP HEAD requests due to S3 permissions
See original GitHub issueHEAD requests directly to package URLs return with a HTTP 403 (forbidden) response. This issue prevents anyone from being able to proxy the conda-forge channel through an Artifactory remote repository (similar to this Artifactory issue), which can be very useful in trying to promote adoption of these tools in a large enterprise.
Here’s an example response to the curl command similar to the one Artifactory uses with remote repositories:
curl -IL "https://conda.anaconda.org/conda-forge/linux-64/addict-1.0.0-py27_0.tar.bz2"
...
HTTP/1.1 403 Forbidden
x-amz-request-id: 49E707D600FB81F4
x-amz-id-2: M42ecmMl6QFVbE6I5UOdMrYr4vmuW9Bke+eWGX3ynK6VZjZto54YgibtpmO33xAfOK3i8HUuuD8=
Content-Type: application/xml
Transfer-Encoding: chunked
Date: Tue, 13 Jun 2017 03:13:26 GMT
Server: AmazonS3
According to the S3 docs on this,
if you don’t have the s3:ListBucket permission, Amazon S3 will return a HTTP status code 403 (“access denied”) error.
Would it be possible to have these permissions added in S3 to allow HEAD requests to go through?
Issue Analytics
- State:
- Created 6 years ago
- Comments:5 (2 by maintainers)
Top Results From Across the Web
Bucket policy examples - Amazon Simple Storage Service
With Amazon S3 bucket policies, you can secure access to objects in your buckets, so that only users with the appropriate permissions can...
Read more >In Amazon S3, what permissions do I need to get HEAD on an ...
Create a new signed URL for the HEAD request and it should work. Share.
Read more >Handle Amazon S3 Download No Access-Control-Allow ...
If the error message that shows up on DevTools console is something like the following, it means your Cross-Origin Resource Sharing(CORS) policy ...
Read more >Signed URLs | Cloud Storage - Google Cloud
Since the session URI acts as an authentication token, the PUT requests do not use any signed URLs. One advantage of resumable uploads...
Read more >If-None-Match - HTTP - MDN Web Docs - Mozilla
For GET and HEAD methods, the server will return the requested resource, with a 200 status, only if it doesn't have an ETag...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
I’m no longer associated with Anaconda, but I can confirm this was fixed.
This is currently being worked on and might be included in the next refresh of Anaconda.