Thanks for that. Still no luck, I'm afraid. Attached is the full HTTP info for the requests from BaseX (hostname info replaced with "example.org").

I should be able to stick with GET requests for now, but would be nice to have access to POST as well.

All best,
Tim


--
Tim A. Thompson
Metadata Librarian
Yale University Library


On Wed, Feb 2, 2022 at 2:20 PM Christian GrĂ¼n <christian.gruen@gmail.com> wrote:
> I notice that curl doesn't include the Authorization header on the first request, but I am out of my depth here.

That could be an interesting hint. In the latest snapshot [1], I have
removed the Authorization header from the first request. Can you check
if it makes a difference?

If not, could you share the headers of the second requests with us?

[1] https://files.basex.org/releases/latest/