Currently we validate docker layers are either gzip or tar content. Uploads or proxies of anything else will fail.
This is not consistent with OCI images, which can contain other types of content.
The OCI specification FAQ says:
Q: Should I validate the content type of the patch request body?
A. The content type for blob uploads isn't meaningful since it's consistently the same (application/octet-stream). However, you may so choose to check that the content type is consistent for each chunk in the upload. It would not be logical for it to change part of the way through.
Expected: It should be possible to upload OCI image layers "out of the box", no configuration changes needed. If we can detect that a layer is associated with an OCI image we could be smart about this, and disable validation only for that case. If not, we should just not validate layers. If layer validation is still going to be done disabling content validation in the repository configuration should disable the validation. Whatever is done should be the same for both proxy and hosted repositories.
Note: Disabling content validation does not provide a workaround, the code in question does not check that flag.