[ https://issues.apache.org/jira/browse/MRESOLVER-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898129#comment-16898129 ]
Jörg Hohwiller commented on MRESOLVER-90: ----------------------------------------- > The sniffing of 512 bytes could killed by a license comment if there is no > XML PI..hard to assure that. OK. Valid point. Then maybe just check for HTML. BTW: Regarding Content-Types - even the maven central repo does not follow HTTP specifications properly as it does not provide content type: [https://repo1.maven.org/maven2/org/apache/maven/maven/3.6.1/maven-3.6.1.pom] content-type: application/octet-stream Hence, Firefox is only showing garbarge but not even proper raw XML content. > HTML content in POM: Maven should validate content before storing in local > repo > ------------------------------------------------------------------------------- > > Key: MRESOLVER-90 > URL: https://issues.apache.org/jira/browse/MRESOLVER-90 > Project: Maven Resolver > Issue Type: New Feature > Affects Versions: 1.4.0 > Environment: both with maven 3.6.0 in CMD or in Eclipse 4.9.0 > Reporter: Jörg Hohwiller > Priority: Major > > For some odd reasons somethimes errors just happen and a maven repo delivers > an HTML error or login page for a request of a POM or JAR file. It seems as > if the status code is valid then Maven (might be anything under the hood, > maybe even ether?) is saving the result without any sanity check or > validation. > Therefore I frequently end up with "POM" or "JAR" files in my local repo that > are no XML but HTML nonsens. > > Example: > {code:java} > <!-- > DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER. > > Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved > > The contents of this file are subject to the terms > of the Common Development and Distribution License > (the License). You may not use this file except in > compliance with the License. > You can obtain a copy of the License at > https://opensso.dev.java.net/public/CDDLv1.0.html or > opensso/legal/CDDLv1.0.txt > See the License for the specific language governing > permission and limitations under the License. > When distributing Covered Code, include this CDDL > Header Notice in each file and include the License file > at opensso/legal/CDDLv1.0.txt. > If applicable, add the following below the CDDL Header, > with the fields enclosed by brackets [] replaced by > your own identifying information: > "Portions Copyrighted [year] [name of copyright owner]" > $Id: index.html,v 1.2 2008/06/25 05:48:51 qcheng Exp $ > --> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN"> > <html> > <head> > <title>Please Wait While Redirecting to Login page</title> > <script language="JavaScript"> <!-- > function redirectToAuth() { > var params = getQueryParameters(); > var url = 'UI/Login'; > if (params != '') { > url += params; > } > top.location.replace(url); > } > function getQueryParameters() { > var loc = '' + location; > var idx = loc.indexOf('?'); > if (idx != -1) { > return loc.substring(idx); > } else { > return ''; > } > } > //--> > </script> > </head> > <body bgcolor="#FFFFFF" onLoad="redirectToAuth();"> > </body> > </html> > {code} > I would expect maven to verify the content before officially placing it in > the correct location inside the local maven repository on my disc. -- This message was sent by Atlassian JIRA (v7.6.14#76016)