We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Търсене в помощните статии

Избягвайте измамите при поддръжката. Никога няма да ви помолим да се обадите или изпратите SMS на телефонен номер или да споделите лична информация. Моля, докладвайте подозрителна активност на "Докладване за злоупотреба".

Научете повече

content-disposition as attachment for HTML file downloads rendered text

  • 1 отговор
  • 0 имат този проблем
  • Последен отговор от garym3

more options

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all:

given a link to an HTML file where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone download a file and expect to the be interpreted?

But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist.

what happens now is I post the NextCloud public link, they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text.

I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users.

Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these:

content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all: given [https://nas.teledyn.com/s/JtggMFbi5tPYBqT/download/Xmas%20Market.html a link to an HTML file] where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone ''download'' a file and expect to the be ''interpreted''? But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist. what happens now is I post the [https://nas.teledyn.com/s/JtggMFbi5tPYBqT NextCloud public link], they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text. I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users. Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these: content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8''Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache
Прикачени екранни снимки

Избрано решение

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

Прочетете този отговор в контекста 👍 0

Всички отговори (1)

more options

Избрано решение

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

Полезно?

Задаване на въпрос

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.