[
https://issues.apache.org/jira/browse/MRESOLVER-90?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16898129#comment-16898129
]
Jörg Hohwiller commented on MRESOLVER-90:
-----------------------------------------
> The sniffing of 512 bytes could killed by a license comment if there is no
> XML PI..hard to assure that.
OK. Valid point. Then maybe just check for HTML.
BTW: Regarding Content-Types - even the maven central repo does not follow HTTP
specifications properly as it does not provide content type:
[https://repo1.maven.org/maven2/org/apache/maven/maven/3.6.1/maven-3.6.1.pom]
content-type: application/octet-stream
Hence, Firefox is only showing garbarge but not even proper raw XML content.
> HTML content in POM: Maven should validate content before storing in local
> repo
> -------------------------------------------------------------------------------
>
> Key: MRESOLVER-90
> URL: https://issues.apache.org/jira/browse/MRESOLVER-90
> Project: Maven Resolver
> Issue Type: New Feature
> Affects Versions: 1.4.0
> Environment: both with maven 3.6.0 in CMD or in Eclipse 4.9.0
> Reporter: Jörg Hohwiller
> Priority: Major
>
> For some odd reasons somethimes errors just happen and a maven repo delivers
> an HTML error or login page for a request of a POM or JAR file. It seems as
> if the status code is valid then Maven (might be anything under the hood,
> maybe even ether?) is saving the result without any sanity check or
> validation.
> Therefore I frequently end up with "POM" or "JAR" files in my local repo that
> are no XML but HTML nonsens.
>
> Example:
> {code:java}
> <!--
> DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
>
> Copyright (c) 2007 Sun Microsystems Inc. All Rights Reserved
>
> The contents of this file are subject to the terms
> of the Common Development and Distribution License
> (the License). You may not use this file except in
> compliance with the License.
> You can obtain a copy of the License at
> https://opensso.dev.java.net/public/CDDLv1.0.html or
> opensso/legal/CDDLv1.0.txt
> See the License for the specific language governing
> permission and limitations under the License.
> When distributing Covered Code, include this CDDL
> Header Notice in each file and include the License file
> at opensso/legal/CDDLv1.0.txt.
> If applicable, add the following below the CDDL Header,
> with the fields enclosed by brackets [] replaced by
> your own identifying information:
> "Portions Copyrighted [year] [name of copyright owner]"
> $Id: index.html,v 1.2 2008/06/25 05:48:51 qcheng Exp $
> -->
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
> <html>
> <head>
> <title>Please Wait While Redirecting to Login page</title>
> <script language="JavaScript"> <!--
> function redirectToAuth() {
> var params = getQueryParameters();
> var url = 'UI/Login';
> if (params != '') {
> url += params;
> }
> top.location.replace(url);
> }
> function getQueryParameters() {
> var loc = '' + location;
> var idx = loc.indexOf('?');
> if (idx != -1) {
> return loc.substring(idx);
> } else {
> return '';
> }
> }
> //-->
> </script>
> </head>
> <body bgcolor="#FFFFFF" onLoad="redirectToAuth();">
> </body>
> </html>
> {code}
> I would expect maven to verify the content before officially placing it in
> the correct location inside the local maven repository on my disc.
--
This message was sent by Atlassian JIRA
(v7.6.14#76016)
