Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

missing authorization header when .npmrc scoped registry is configured with root path #9056

Open
synox opened this issue May 3, 2024 · 0 comments
Open

missing authorization header when .npmrc scoped registry is configured with root path #9056

synox opened this issue May 3, 2024 · 0 comments

Comments

@synox
Copy link

synox commented May 3, 2024
edited

Using yarn 1.22.19 on macos 14.4.1 (23E224). It seems yarn does not honor the .npmrc config for domains, and only matches the exact path.

https://docs.npmjs.com/cli/v10/configuring-npm/npmrc#auth-related-configuration specifies to that we can configure at the domain level:

@myorg:registry=https://somewhere-else.com/myorg
@another:registry=https://somewhere-else.com/another
//registry.npmjs.org/:_authToken=MYTOKEN

; would apply to both @myorg and @another
; //somewhere-else.com/:_authToken=MYTOKEN

; would apply only to @myorg
//somewhere-else.com/myorg/:_authToken=MYTOKEN1

; would apply only to @another
//somewhere-else.com/another/:_authToken=MYTOKEN2

Let's recreate this config and reproduce the problem:

  • create a new project:
  • run yarn init
  • create ~/.npmrc: (replaced somewhere-else.com with localhost)
@myorg:registry=http://localhost/myorg
@another:registry=http://localhost/another

; would apply to both @myorg and @another
//localhost/:_authToken=MYTOKEN
  • run a dummy webserver: sudo -i, then while true; do echo -e "HTTP/1.1 200 OK\n\n $(date)" | nc -l 80 ; done.
  • run yarn add @myorg/test1
    output:
❯ yarn  add @myorg/test1 --verbose
yarn add v1.22.19
...
warning package.json: "test" is also the name of a node core module
verbose 0.100344417 Checking for configuration file "/Users/user/.npmrc".
...
verbose 0.10390275 current time: 2024-05-03T03:06:11.576Z
info No lockfile found.
warning [email protected]: "test" is also the name of a node core module
[1/4] 🔍  Resolving packages...
verbose 0.121385792 Performing "GET" request to "http://localhost/myorg/@myorg%2ftest1".
verbose 0.130306959 Error: http://localhost/myorg/@myorg%2ftest1: Parse Error: Expected HTTP/
...
error An unexpected error occurred: "http://localhost/myorg/@myorg%2ftest1: Parse Error: Expected HTTP/".
...

Request in the HTTP output is misssing authorization header:

GET /myorg/@myorg%2ftest1 HTTP/1.1
User-Agent: yarn/1.22.19 npm/? node/v20.12.2 darwin arm64
Accept: application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8, */*
host: localhost
accept-encoding: gzip, deflate
Connection: keep-alive

However, when running the same command with npm: npm install @myorg/test1 it has the correct authorization header.

GET /myorg/@myorg%2ftest1 HTTP/1.1
user-agent: npm/10.5.0 node/v20.12.2 darwin arm64 workspaces/false
pacote-version: 17.0.6
pacote-req-type: packument
pacote-pkg-id: registry:@myorg/test1
accept: application/json
npm-auth-type: web
npm-command: install
authorization: Bearer MYTOKEN
Accept-Encoding: gzip,deflate
Host: localhost
connection: keep-alive
@synox synox changed the title not sending authorization header when .npmrc scoped registry is configured with root path missing authorization header when .npmrc scoped registry is configured with root path May 3, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@synox