Closed Bug 230272 Opened 21 years ago Closed 13 years ago

citizen-electronics.com - HTML files sent as image/jpeg

Categories

(Tech Evangelism Graveyard :: English US, defect)

Product:
Tech Evangelism Graveyard
Component:
English US
Platform:
x86
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE

People

(Reporter: rouben, Unassigned)

References

(
URL
)

Details

Attachments

(2 files)

PageInfo dialog for http://www.citizen-electronics.com/
7.04 KB, image/png
Details
Screenshot of Mozilla Browser at http://www.citizen-electronics/
28.15 KB, image/png
Details 
User-Agent:       Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007 MultiZilla/1.5.0.4h
Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007 MultiZilla/1.5.0.4h

The web server for http://www.citizen-electronics.com/ has misconfigured
MimeTypes; it reports "image/jpeg" for documents where "text/html" is the
correct Content-Type. As a result, Mozilla doesn't attempt to render the web
page, and displays the error message "The image
“http://www.citizen-electronics.com/” cannot be displayed, because it contains
errors.". Microsoft Internet Explorer 6.0 assumes "text/html" even though the
web server reported "image/jpeg" and renders the page properly.

Reproducible: Always

Steps to Reproduce:
Navigate to http://www.citizen-electronics.com/ with Mozilla.

Actual Results:  
When trying to load the URL http://www.citizen-electronics.com/ Mozilla displays
the following error message instead and in place of the actual web site:

----- START OF EXACT TEXT OF ERROR MESSAGE -----
The image “http://www.citizen-electronics.com/” cannot be displayed, because it
contains errors.
----- END OF EXACT TEXT OF ERROR MESSAGE -----

The message above appears in the default "Serif" type font (as defined in
preferences; in my case "Times New Roman") and appears to be just a plain text
message (not an image, possibly HTML-based). The actual text of the error
message appears in the same place where web pages are normally rendered and does
NOT show up anywhere else (e.g. on the status bar and/or as a dialog box).

Expected Results:  
When a MimeType is misreported by the web server, Mozilla should try to do some
checking of its own (through MimeMagic or a similar mechanism) in case it finds
problems with the data received from the web server. At the very least Mozilla
should check for text/html and text/plain and if a positive match is made, try
to render the page, ignoring the potentially invalid Content-Type header
supplied by the web server.

Suggestion for a solution:
==========================
Here's a simple snipplet of pseudocode to resolve the issue (C-ish syntax):

----- START OF PSEUDOCODE EXAMPLE -----
reportedMimeType = getMimeTypeFromWebServerResponse(incomingData);
detectedMimeType = checkMimeType(incomingData);

if (reportedMimeType != detectedMimeType)
{
  /* The next line could be useful, so the user can */
  /* inform the webmaster of the site that there    */
  /* are server problems.                           */
  warnUserOfMisconfiguredServer();
  if (detectedMimeType == 'text/html')
  {
    renderAsHTML(incomingData);
  }
  else // if (detectedMimeType != 'text/html')
  {
    promptUserToDownloadFile(incomingData);
  }
} // endif (reportedMimeType != detectedMimeType)
----- END OF PSEUDOCODE EXAMPLE -----

Personal opinion:
=================
On a more personal note: it's not a secret that most web sites on the web are
made with Internet Explorer in mind. This issue does not seem to affect Internet
Explorer versions 5 and 6 on the Microsoft Windows platform (not sure about Mac
OS Classic/X). I completely understand that this is a server configuration
issue, and an HTTP RFC violation on top of that, however, one has to keep in
mind that this issue can severely limit Mozilla users from viewing certain web
sites. As a result, Mozilla's reputation and popularity will suffer. In my
opinion, this issue should be definitely resolved.
This is a screenshot of the PageInfo dialog ("View" menu --> "Page Info" menu
item) for the URL http://www.citizen-electronics.com/ under Mozilla/5.0
(Windows; U; Win98; en-US; rv:1.5) Gecko/20031007 MultiZilla/1.5.0.4h.
This is a screenshot of the Mozilla browser component attempting to render
http://www.citizen-electronics.com/ unsuccessfully. User-agent string:
Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.5) Gecko/20031007
MultiZilla/1.5.0.4h.
We CAN guess the type.  We just don't, since that would be a blatant violation
of the specs involved.  And we have no plans to start.

To evang to contact the server maintainer.
Assignee: file-handling → english-us
Status: UNCONFIRMED → NEW
Component: File Handling → English US
Ever confirmed: true
Product: Browser → Tech Evangelism
QA Contact: ian → english-us
Version: Trunk → unspecified
For the record, Opera also just assumes it is an image.
By the way, Rouben, if you're interested, there are dozens of bugs filed on this
issue already; mostly resolved duplicate or invalid... they give more extensive
reasons for why we don't do this MIME type guessing.
First of all, thank you all for your feedback. I can guess how frustrating it
must be answering identical bug reports over and over again with practically the
same canned response. I've browsed through bugs related/identical to mine, and
unfortunately I was unable to find a satisfactory response. Again, I apologize
in advance if I missed something. Thank you for your understanding.

Despite the fact that implementing mimetype guessing will be considered as
breaking HTTP specs, at this point, I think it's a rather necessary evil. I can
put forth a plethora of reasons why I think this is necessary, but I'll focus on
the most important points instead:

0. Regular users couldn't care less *why* a page is not being displayed
properly. If it doesn't work for them, they will switch browsers. Period. I
don't think that's in anyone's best interests.
1. Most webmasters don't know what they are doing. There are a lot more
misconfigured web servers on the web than you might think (no offence intended).
2. Webmasters that don't know what they are doing usually don't fix any of their
problems, either because they don't know how, or because they simply don't care.
[OFFTOPIC] A very blatant example is located at
http://www.torontoprometric.com/Bookings/BookingRequest.htm (not related to this
issue, but a quick glance at what is requested in the form and at the way form
submission is implemented will give you an idea; by the way that web site is a
"monopoly" for TOEFL testing in Toronto, Canada, and I am considering reporting
them to VISA and MasterCard for willingly running an insecure form).
3. Finally, I am willing to bet that Netscape/AOL will probably implement this
in their releases of the browser anyway (they already bundled it with so much
junk that this will probably be a non-issue for them).

Having said the above, I completely understand and respect the standards
involved here. I'm all for these standards, and I really do believe that the
Internet would have been a much better place if everyone and everything followed
standards to the letter. However, the world (and the Internet) is not at all a
perfect place. And when something is imperfect, you can either adjust or go down
in flames. Unfortunately you seem to choose the latter. Even more
philosophically: this is a matter of "evolution", if you will, whereby the
environment has changed (misconfigured web server) and in order to "survive"
Mozilla needs to adapt (implement mimetype guessing). If it doesn't adapt, it
will not "survive".

By the same token, popup blocking is also a violation of standards, because
according to JavaScript specs, a window.open() means that a browser should open
a new window, and Mozilla clearly doesn't do that with popup blocking turned on
(in certain cases). This is a violation of standards, but it was a necessary
evil. Mimetype guessing is in the same position at this point.

I strongly urge you to reconsider this issue. In my opinion, the perfect way to
do this, is to implement a boolean config value that triggers mimetype guessing
behaviour. Leave it disabled by default, if you wish, but *do* have the option
to enable it.
OS: Windows 98 → All
Severity: normal → major
Rouben, the problems with mimetype guessing are as follows:

1) Will break a number of sites that serve up content that looks like one type
   of data but is being sent as another (and is meant to be interpreted as
   another).  Bugzilla itself is an example -- a lot of crash testcases are
   served up as text/plain to keep people from accidentally crashing.  For a lot
   of these sites IE does not matter, really, so they can assume no guessing
   happens (since no other browser really does it).
2) MIME type guessing can lead to security holes when security systems allow
   through content deemed "safe" because of its type.  This includes
   security systems both internal and external to Mozilla.

We appreciate the issues involved, and we recently _did_ start treating some
text/plain pages as application/octet-stream because Apache's default
configuration is so broken.  That covers almost every single report we have ever
received on the issue, and the goal is to provide maximum usability with minimum
non-conformance (exactly like the popup blocker -- we don't disable _all_
window.open calls).

Netscape/AOL are not likely to ship another release, really.  Netscape is no
more and AOL is not interested.

Finally, IE is about to ship a service pack which removes a significant amount
of MIME type sniffing from that browser.  That will likely radically affect the
situation existing on the internet today.
Severity: major → normal
Thanks very much for this explanation. I sincerely hope that when Microsoft
makes their browser a bit more standard compliant that will force some web site
operators to put some more thought into their web sites and web server
configurations. Again, thank you very much for your time and troubles.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → INVALID
as this is an evangelism bug, it is not invalid.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
Summary: Browser unable to guess correct MimeType when web server reports incorrect MimeTypes → citizen-electronics.com - HTML files sent as image/jpeg
[bug248549notfixed]
INCOMPLETE due to lack of activity since the end of 2009.

If someone is willing to investigate the issues raised in this bug to determine whether they still exist, *and* work with the site in question to fix any existing issues, please feel free to re-open and assign to yourself.

Sorry for the bugspam; filter on "NO MORE PRE-2010 TE BUGS" to remove.
Status: REOPENED → RESOLVED
Closed: 21 years ago13 years ago
Resolution: --- → INCOMPLETE
Product: Tech Evangelism → Tech Evangelism Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: