Fix 403 errors when downloading metadata from Packagist and GitHub (ReactDownloader headers issue) #709
Description
While using Repman as a proxy, we are encountering 403 Forbidden errors when downloading package files and metadata.
The issue appears to be related to missing or incorrect HTTP headers in ReactDownloader.php.
Problem Details
- Packagist returns
403when theRepmanheader is sent. - GitHub returns
403when noUser-Agentheader is provided.
Currently, the stream context does not properly adjust headers depending on the target host.
Suggested Improvement
It would be better to conditionally set headers based on the request URL.
Example:
private function createContext(array $headers = [], string $url = '')
{
if ($url && str_contains($url, 'github.com')) {
$headers[] = 'User-Agent: MyApp';
}
$context = [
'http' => [
'header' => implode("\r\n", $headers),
'follow_location' => 1,
'max_redirects' => 20,
],
];
return stream_context_create($context);
}This approach:
- Ensures a valid
User-Agentheader for GitHub requests - Avoids problematic headers when requesting from Packagist
- Prevents 403 errors during metadata and package downloads
Why This Matters
Without proper header handling:
- GitHub blocks requests without
User-Agent - Packagist may block requests with certain custom headers
- Metadata downloads and dependency resolution can fail
If needed, I can prepare a pull request implementing this change.