LFS token authorization problem when behind a reverse proxy
We used to work with a LFS repo for over 2 years and it was working quite well. Our gitlab server (Community Edition) is behind a apache reverse proxy with basic auth.
We upgraded to 12.4.2 a few days ago and after this, it was impossible for us to do anything with this LFS repo anymore, as we get errors.
From what I could read, 1.4 and up versions use a LFS token authorization (!17332 (merged)) for performance issues, but... It seems that it breaks our basic auth (standard one), so we get 401 HTTP errors when trying to get "LFS part" (git pull still OK, but errors occur when trying to download "real" files). LFS token seems to override standard Authorization header (so can pass auth in reverse proxy) with LFS token, that is not correct for basic auth.
example with git lfs logs last :
Error downloading object: data/SIP_WARNING/ZIP/WARNING_SIP_sans_objet.zip (45c93aa): Smudge error: Error downloading data/SIP_WARNING/ZIP/WARNING_SIP_sans_objet.zip (45c93aac0d76c2f9742bd71162f73753d0c6694dffeeb5fc680be888cf49c7c3): Authentication required: Authorization error: https://gitlab.dev.programmevitam.fr/vitam/vitam-itests.git/gitlab-lfs/objects/45c93aac0d76c2f9742bd71162f73753d0c6694dffeeb5fc680be888cf49c7c3 Check that you have proper access to the repository Authorization error: https://gitlab.dev.programmevitam.fr/vitam/vitam-itests.git/gitlab-lfs/objects/45c93aac0d76c2f9742bd71162f73753d0c6694dffeeb5fc680be888cf49c7c3
We still see same problems with GIT_VERBOSE, result is :
HTTP/1.1 401 Authorization Required
when getting objects.
Is it possible to disable this feature or fix this annoying problem ?
Regards,
Olivier