HtsgetReader should not send HTSGet ticket server headers in data server requests

Closed this issue 2 months ago · 0 comments

andaca commented 2 months ago

HtsgetReader currently uses the initial (ticket server) request config when building subsequent (data server) requests, including request headers.

The HTSGet spec states that URL and headers (in the ticket server response) must include any temporary credentials necessary to access the data block. Client must not send the bearer token used for the API, if any, to the data block endpoint, unless copied in the required headers..

This results in incorrect headers being sent to the data server, and thus data requests failing.