When a repository is specified as repo.foo.com, but repo.foo.com redirects to dl.bintray.com, ivy looks for the credential for host = dl.bintray.com while e.g. coursier works with the credential for host = repo.foo.com.
It looks like this was a safety choice at the ivy/httpclient side, to avoid accidentally leaking credentials to the wrong server: it is the standard behavior of the HttpClient APIs (https://github.com/sbt/ivy/blob/2.3.x-sbt/src/java/org/apache/ivy/util/url/HttpClientHandler.java#L303, also when used via setCredentials with an AuthScope).
Unfortunately, it looks like in Coursier the connection returned by url.openConnection does follow redirects, but doesn't provide access to the redirected hostname.
How could we make this consistent?
When a repository is specified as
repo.foo.com, butrepo.foo.comredirects todl.bintray.com, ivy looks for the credential forhost = dl.bintray.comwhile e.g. coursier works with the credential forhost = repo.foo.com.It looks like this was a safety choice at the ivy/httpclient side, to avoid accidentally leaking credentials to the wrong server: it is the standard behavior of the HttpClient APIs (https://github.com/sbt/ivy/blob/2.3.x-sbt/src/java/org/apache/ivy/util/url/HttpClientHandler.java#L303, also when used via
setCredentialswith anAuthScope).Unfortunately, it looks like in Coursier the connection returned by
url.openConnectiondoes follow redirects, but doesn't provide access to the redirected hostname.How could we make this consistent?