Archive downloads redirect ignores file extension
According to the documentation about getting file archives it should be possible to add a file extension and get the corresponding file type. This feature is used by composer to download zip archives.
Today our pipelines broke because composer complains about not being able to extra the archives.
For example https://repo.packagist.org/p2/co-stack/fal_sftp.json references a file download:
https://gitlab.com/api/v4/projects/co-stack%2Ecom%2Fco-stack%2Ecom%2Ftypo3-extensions%2Ffal_sftp/repository/archive.zip?sha=13b9eb2eb5d6aa239f7b45ffa00d1a8788f3eaea
This triggers a redirect from URL-encoded path to id, but leaves the file extension out (see /archive.zip and and /archive).
$ curl -sS -D - 'https://gitlab.com/api/v4/projects/co-stack%2Ecom%2Fco-stack%2Ecom%2Ftypo3-extensions%2Ffal_sftp/repository/archive.zip?sha=13b9eb2eb5d6aa239f7b45ffa00d1a8788f3eaea' -o /dev/null
HTTP/2 301
date: Wed, 22 Oct 2025 13:11:23 GMT
content-type: text/plain; charset=utf-8
content-length: 151
location: https://gitlab.com/api/v4/projects/18307533/repository/archive?sha=13b9eb2eb5d6aa239f7b45ffa00d1a8788f3eaea
cf-ray: 99293d823e613412-FRA
cf-cache-status: MISS
cache-control: no-cache
strict-transport-security: max-age=31536000
vary: Origin
content-security-policy: default-src 'none'
gitlab-lb: haproxy-main-26-lb-gprd
gitlab-sv: api-gke-us-east1-c
nel: {"max_age": 0}
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
x-gitlab-meta: {"correlation_id":"99293d8247723412-ATL","version":"1"}
x-request-id: 99293d8247723412-ATL
x-runtime: 0.057582
set-cookie: __cf_bm=Zy3EgCh3X1x6GV0jqPUxX7nwef5smC8suqThx5TybNs-1761138683-1.0.1.1-qbkFktphI9J2jveESpouQtEE_auOXRDOmeCtNplEUtF46mPQPOFWRfUyI_3umqMTzlqBqVh3DB87fQOcDyWS19mGLEqRS_ls2kKHNEFZCC4; path=/; expires=Wed, 22-Oct-25 13:41:23 GMT; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
set-cookie: _cfuvid=J5DBlCPGmsK7qZvHvHS1p6wX9yJfBYSgtnm6BNrpF8w-1761138683438-0.0.1.1-604800000; path=/; domain=.gitlab.com; HttpOnly; Secure; SameSite=None
server: cloudflareThis has to be a bug with some kind of router or something?
Edited by 🤖 GitLab Bot 🤖