Uploaded image for project: 'Artifactory Binary Repository'
  1. Artifactory Binary Repository
  2. RTFACT-26676

Native browser redirect prevents Nexus 2.14.5 from storing POMs

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open
    • Resolution: Unresolved
    • Affects Version/s: 7.18.3
    • Fix Version/s: None
    • Component/s: UI
    • Labels:
    • Environment:

      Nexus 2.14.5_02

      Nexus host CentOS 7 (Core)

       

    • Location:
      External

      Description

      With changes to the Spring Milestones and Spring Plugins repositories, our Nexus 2.14 proxies to each began failing. The first issue was Spring's recent hard HTTPS implementation (announced, but delayed, and then the redirect was terminated) to repo.springio.com repositories. This was quickly addressed, but then we started getting failed builds for artifacts in the Milestones repository as Nexus's File Content Validation on artifacts started failing.

      Investigation showed that some POMs were in fact HTML responses. The content of the "POM"s were from the "heartbeat interstitial" page shown prior to rendering the file listing, or calling the download endpoint. This is possibly due to the HTTP 200 OK received by Nexus on the request rendering the interstitial over XHR.

      RTFACT-26216 describes a similar issue with PowerShell. The "possible workarounds" did not apply or work, i.e., it is possible to set the User-Agent in Nexus for a given proxied repo. Several strings were tried, e.g., -, NotABrowser/5, and others not using Mozilla, but none corrected the problem.

      For Example

      The given dependency GAV

      <dependency>
          <groupId>org.springframework.cloud</groupId>
          <artifactId>spring-cloud-dependencies</artifactId>
          <version>Finchley.M8</version>
          <type>pom</type>
      </dependency>
      

      will store the HTML response of the "heartbeat interstitial" at the file spring-cloud-dependencies-Finchley.M8.pom in the cache.

      Temporary Workarounds

      1. Turn off File Content Validation will restore a build, but POM is invalid.
      2. Find direct or transitive dependencies to given resource and use Central distributed artifact, i.e., Finchley.M8 is only available in the milestones or plugin repos, but Finchley.RELEASE is available in Central. This may be difficult in legacy environments or applications.

       Is there a way to disable the Native UI via Cookie, Parameter, or URL to correct?

      Affected Version is newest, but specifically repo.spring.io is on Artifactory Cloud and the version is not easily determined in the public UI.

        Attachments

          Activity

              People

              Assignee:
              Unassigned
              Reporter:
              timothystone Timothy Stone
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:

                  Sync Status

                  Connection: RTFACT Sync
                  RTMID-26686 -
                  SYNCHRONIZED
                  • Last Sync Date: