Closed
Bug 175848
Opened 22 years ago
Closed 22 years ago
Can't implicitly trust text/plain content type
Categories
(Camino Graveyard :: Downloading, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
Camino0.7
People
(Reporter: sdagley, Assigned: sdagley)
References
Details
Attachments
(1 file, 3 obsolete files)
1.70 KB,
patch
|
Details | Diff | Splinter Review |
It is becoming more and more common for Mac users to be downloading files that
have .dmg.gz as an extension. Unfortunately the .dmg extension isn't isn't a
generally known type so we're ending up with the default Apache (and maybe other
servers) content type of text/plain causing us to try and display the file
rather than download it. Rather than blindly assume the text/plain type is
valid we should, at a minimum, use the buffer null sniff from
nsUnknownDecoder::DetermineContentType() to see if applicatiion/octet-stream
would be more appropriate.
Comment 1•22 years ago
|
||
I've seen reports of servers serving up .dmg.gz as "text/html" too. So maybe
it's not just text/plain.
Comment 2•22 years ago
|
||
> use the buffer null sniff from nsUnknownDecoder::DetermineContentType()
Sounds like a good idea. What's the perf hit for doing that for every text/html
or text/plain load? Is it going to skew the pageloader #'s?
Comment 3•22 years ago
|
||
It should be decently cheap, actually... especially if we fix the html-check in
there to not suck.
Two concerns I have:
1) Does text/plain imply us-ascii or equivalent encoding? Or are things like
UCS-2 valid text/plain documents?
2) We should really not autodetect html served as text/plain.... there are far
too many cases (eg crasher testcases in bugzilla, demos of various sorts,
etc) where that's being done completely on purpose.
I'm basically looking for something similar to what IE does -- take the original
type, the detected type, info from the extension, put them all together, and
mix.... (with us weighting original type a _lot_ more than IE does).
Comment 4•22 years ago
|
||
text/plain is not limited to any encoding. BOMs can be used to determine Unicode
encodings, but other than that it is left to the server or the default app to
determine encoding.
Why not just equip Mozilla with a reasonably comprehensive magic number file and
utilize magic numbers to determine content whenever necessary (like the BSD
"file" command)? Apache can of course be configured to use magic numbers, but
this is unfortunately not the defualt.
Comment 5•22 years ago
|
||
Ah... that is unfortunate... for one thing, that means that text/plain can
contain embedded nulls... (I've considered just shelling out 'file' in the past,
btw.... there are issues with that, however... )
Comment 6•22 years ago
|
||
I've been warned in bug 169991 not to spam this one with "this is evil"
comments, so I won't, even though it is... :)
I just hope that, if some sort of MIME-overriding based on analysis of data
and/or URL extensions (etc.) is done, in order to increase ability of Mozilla
users to access sites with poorly configured servers, that this be done as a
preference setting that allows Mozilla to still be run in a complete
standards-compliance mode by users who wish it that way. Preferably, the
standards-compliance mode should be the default, with departure from standards
requiring a specific decision on the part of the user.
Comment 7•22 years ago
|
||
Plugins have this problem all over the place too, on all platforms.
See bug 169991, bug 175368.
testcase (sorry, internal): http://slip.mcom.com/shrir/Dice.swf
(works on browsers with fix from bug 163568)
Assignee | ||
Comment 8•22 years ago
|
||
A suggestion from the Chimera mailing list:
1. IF (the MIME type is "application/octet-stream" OR "text/plain") AND (the
file exension is listed in our /private/etc/httpd/mime.types) THEN use the
locally referenced mime type.
2. ELSE trust the server MIME type.
I think this gives us a fairly cheap, easy to implement solution, and well
specified solution that roughly says use the best information that the server or
client can come up with. I don't think it does contradict any RFCs. Can someone
who thinks otherwise give us a proper reference, please?
--
Ian Eiloart - University of Sussex Computing Service
<http://www.sussex.ac.uk/USCS/Staff/staff3.cfm?ID=iane>
<http://Eiloart.com/>
Other than re-checking the extension when the served type is
application/octet-stream I think it's a reasonable approach since the null in
buffer test has been shot down
Comment 9•22 years ago
|
||
The relevant RFC reference is RFC 2068, section 7.2.1:
Any HTTP/1.1 message containing an entity-body SHOULD include a
Content-Type header field defining the media type of that body. If
and only if the media type is not given by a Content-Type field, the
recipient MAY attempt to guess the media type via inspection of its
content and/or the name extension(s) of the URL used to identify the
resource. If the media type remains unknown, the recipient SHOULD
treat it as type "application/octet-stream".
So, in fact, doing anything but blindly trusting the content type (if it is
present) is a violation of the RFC...
That said, the suggestion is not completely unreasonable.. I would still rather
sniff the data than the extension if we have to do _something_
Comment 10•22 years ago
|
||
I really don't think that Chimera should be looking at
/private/etc/httpd/mime.types. Internet Config maybe, but not that file.
Comment 11•22 years ago
|
||
Extensions...?
<a type="video/mp4" href="mymovie.rm">Looky here!</a> will then result in
what...? RealOne loading!?
<a type="plain/text" href="app.gz.dmg">Download</a> will have what effect...?
Approximately 0.00001% of servers are configured to handle MPEG-4, so this will
always yield garbage with any Gecko browser, since Gecko trusts the dumb server
and not the author of the document (the only intelligent being in this chain).
Comment 12•22 years ago
|
||
> type="plain/text"
we should trust that?
Comment 13•22 years ago
|
||
With Apache servers, you can set up custom mime types using .htaccess files,
directory by directory. Thus, saying "the dumb server isn't configured for that
type" is no excuse to not serve it correctly in your own site.
Comment 14•22 years ago
|
||
Most people don't have a site server of their own. They rely on ISP:s.
The default configuration for Apache does not allow .htaccess, and I have yet to
see an ISP that actually does allow this. I just managed to convince my ISP at a
university to support application/xhtml+xml, video/mp4, audio/mp4, and also
.xhtml as a DirectoryIndex item. I guess these people are supposed to be more
enlightened than others (yet they hadn't implemented this until now, when
explicitly asked about it), but there are several commercial ISP:s that ignore
such requests and don't give a damn. There are many evangelism bugs covering
that, leading nowhere.
So to sum up, web server makers don't configure their servers properly when
shipping (what exactly is text/x-point-plus and what is its apparently extreme
relevance to the web?), and they also configure for benchmarks, stripping out
all good features. They certainly do not have a comprehensive set of MIME types
defined, so it will be up to the website admins to actually do the grunt work.
They might or might not. Whenever new types are registered, there will be some
serious delay before web servers implement this. Thus, this will conserve rather
than help the net evolve.
All servers I have come across also define a default type and generally don't
allow for magic number support, which means that this ridiculous DOS-extension
based meta-data method will prevail. So much for platform independence.
The server is a machine. It doesn't know more than it has been configured to
know, and that is often not too much. HTML documents are created by intelligent
beings, who know first-hand what their material really is. It should be their
choice that comes first in the list of determining what a file really is. If
that was so, there would be no bugs like this and others, and everyone would be
happy (except the high HTTP priests that for some obscure and completely
metaphysical and irrelevant reason think it really matters if the useragent
actually cares about that type attribute defined in HTML). [And actually, not
even Mozilla is consistent about this; it will load any extensionless file if
enclosed in an image tag: <image src="picture" />.]
The current dogmatic stance taken by the Mozilla group has the following
practical consequences: 1) People will refrain from using strict doctypes when
developing sites, and 2) people in general will avoid using Gecko browsers
"since they can't even download properly and render ugly pages without style".
The HTML spec clearly allows for overriding the HTTP server's MIME type, if
there is any doubt about the content's validity, but Mozilla has opted to ignore
this. And that is the worst mistake Mozilla ever made and will make.
Comment 15•22 years ago
|
||
My hosting provider, Dreamhost, supports .htaccess files. Perhaps many other
hosting providers do, and their users just have never even thought to try them.
I don't know of anything in the specs that allow browsers to second-guess
server-supplied content types, and I know of specific prohibitions on doing so
in the specs. W3C has said on this subject:
The architecture of the Web depends on applications making
dispatching and security decisions for resources based on their
Internet Media Types and other MIME headers. It is a serious
error for the response body to be inconsistent with the
assertions made about it by the MIME headers. Web software SHOULD
NOT attempt to recover from such errors by guessing, but SHOULD
report the error to the user to allow intelligent corrective
action.
http://www.w3.org/2001/tag/2002/0129-mime
MSIE's disregarding of these standards result in the fact that certain perfectly
standards-compliant things don't work reliably in that browser; most notably,
trying to get the plain-text output of a CGI script to display correctly is a
crapshoot. Here are some test examples:
http://webtips.dan.info/cgi-bin/plaintext.pl
http://webtips.dan.info/cgi-bin/plaintext.pl/test.html
http://webtips.dan.info/cgi-bin/plaintext.pl/test.jpg
http://webtips.dan.info/cgi-bin/plaintext.pl/test.exe
http://webtips.dan.info/cgi-bin/plaintext.pl/test.swf
Another test suite:
http://entropymine.com/jason/testbed/mime/
More comments:
http://ppewww.ph.gla.ac.uk/~flavell/www/content-type.html
Comment 16•22 years ago
|
||
*** Bug 176459 has been marked as a duplicate of this bug. ***
Comment 17•22 years ago
|
||
The Mozilla policy has been against this sort of thing.
Wouldn't it make more sense to file a bug against Apache for
a) defaulting to text/plain
b) not including a type for .dmg
?
(I've added garbage to a text file in order to prevent IE from parsing it as XML
and showing well-formedness errors...)
Comment 18•22 years ago
|
||
Dan and Niklas -- stop the ranting. It is claimed that we have a real problem.
Suggest a real solution instead of speaking in vague and useless generalities.
Assignee | ||
Comment 19•22 years ago
|
||
To steer this bug back to the immediate problem with .dmg files and what we can
do about it in Chimera (where we care about the user experience at least as much
as we care about folloing RFCs to the letter)...
Buffer sniffing for NULLs is out. Inspection of several .dmg files does not
reveal any pattern that could be used to identify them so a magic number is out.
This pretty much leaves sniffing the .dmg extension (and the .dmg.gz
extension/encoding variant) if we hit text/plain (and maybe text/html as sfraser
encountered). No it's not pretty and no it's not 100% foolproof but unless I
missed something other than a miracle causing every web server in existence to
set a mapping for .dmg I see no other solution. This doesn't mean Mozilla
should solve the problem in the same way so perhaps we should diverge that
discussion to a different bug.
Comment 20•22 years ago
|
||
Why is buffer sniffing out? All the .dmgs I looked at had lots of zero bytes
near the beginning.
Assignee | ||
Comment 21•22 years ago
|
||
Comment #4 indicates NULLs may be present with multibyte text
Comment 22•22 years ago
|
||
Actaully, now that I think about it some more....
_If_ the type is text/plain _and_ there's no charset specified in the headers
then we can sniff for null without fear, since we would almost certainly
mis-decode that content anyway.... If we do not find nulls, we leave it as
text/plain (that's what the unknown decoder will default to anyway, if it finds
no nulls and matches nothing else).
This would allow us to at least fall back to application/octet-stream for
.dmg.gz, maybe... thoughts?
Comment 23•22 years ago
|
||
In addition, multibyte text should never have 2 zero bytes in a row. You could
sniff for that.
Comment 24•22 years ago
|
||
It should if it's UCS-4...
Comment 25•22 years ago
|
||
Another possibility that was suggested by someone on Mozillazine, more or less.
We make it possible to override specific MIME-type-and-filename combinations via
a pref (eg "text/plain" and "ends in .dmg.gz"). We don't even need UI for this
pref yet -- Chimera could just set it... (though UI would be nice eventually).
I say "filename" instead of "extension" because the extension of .dmg.gz is just
"gz"....
Assignee | ||
Comment 26•22 years ago
|
||
Ok, don't look Hixie cause you'll get ill :-)
This patch checks for a .dmg in the url if the content type is text/plain or
text/html and changes it to application/octet-stream to force a download.
Comment 27•22 years ago
|
||
> + if (theFileName.RFind(".dmg") > 0)
Could we make this check that the end is ".dmg.gz" or ".dmg"? The code
as-written will match http://www.dmgcorp.com/
Also, there are _many_ nsIURI's that are not nsIURLs. Please null-check that
pointer; otherwise the next javascript: or data: or view-source: uri you click
on (eg in the JS console) will crash. ;)
The rest looks fine, assuming this patch is meant for Chimera only, of course.
Assignee | ||
Comment 28•22 years ago
|
||
I just wanted to verify it worked. I'll post a cleaner version with the
suggested fixes after I catch up on my sleep :-)
Assignee | ||
Comment 29•22 years ago
|
||
Now I can go to sleep
Attachment #104250 -
Attachment is obsolete: true
Comment 30•22 years ago
|
||
Comment on attachment 104252 [details] [diff] [review]
w/bz's suggestions
sr=bzbarsky for Chimera only (not trunk), if I'm allowed to do this. ;)
Attachment #104252 -
Flags: superreview+
Comment 31•22 years ago
|
||
Comment on attachment 104252 [details] [diff] [review]
w/bz's suggestions
+ if (nsCRT::strcasecmp(contentType.get(), "text/plain") ||
is contentType a nsACString derivative? In that case, should you use
contentType.Equals(NS_LITERAL_CSTRING("text/plain")) here?
Comment 32•22 years ago
|
||
Oh, good catch.... I should have gotten sleep before reviewing too. ;)
Comment 33•22 years ago
|
||
Except that should be
Equals(NS_LITERAL_CSTRING("text/plain"), nsCaseInsensitiveCStringComparator())
Assignee | ||
Comment 34•22 years ago
|
||
the post-sleep version of the fix
Attachment #104252 -
Attachment is obsolete: true
Comment 35•22 years ago
|
||
Re comment #17:
> Wouldn't it make more sense to file a bug against Apache for
> a) defaulting to text/plain
Yes absolutely. Apache should default to application/octet-stream, this is the
MIME type that is defined for "unknown file, let the user agent/user figure it
out". text/plain is maybe/probably a ghost from the distant past when unix files
were all pretty much text. Nowadays the opposite is true.
If apache changed to application/octet-stream then 99% of the time this bug
would go away, yes?
...with no need for chimera to install hacks, etc. to deal with text/plain files
that aren't.
Comment 36•22 years ago
|
||
Actually, Apache should just send no type at all if it has no idea what the type
is. We've filed a bug to that effect and attached a patch against the current
Apache tree that implements that behavior.
Assignee | ||
Comment 37•22 years ago
|
||
Checked in Chimera only
Comment 38•22 years ago
|
||
> We've filed a bug to that effect
ok, I now tried to find that bug on http://bugs.apache.org, without success.
could you give a link to it please?
Comment 39•22 years ago
|
||
Comment 40•22 years ago
|
||
> I just hope that...this be done as a
preference setting that allows Mozilla to still be run in a complete
standards-compliance mode by users who wish it that way.
So in your evangelism about MIME types of all things, you are suggesting MORE
UI!?!?!? I don't think so. Second guessing the MIME types may be evil to you
, but superfluous UI is satan himself.
Comment 41•22 years ago
|
||
Maybe to you, but to me one of the strong points of Mozilla is that it is highly
configurable, and isn't just "one-size-fits-all", or "Where do we want to force
you to go today?" I don't mind the configuration section being large and
complex as a result. That makes for a power-user's browser, not a dumbed-down
thing aimed at the stupid and ignorant.
Maybe Chimera has a different philosophy; as long as this bug's fix stays in
that browser's code and doesn't find its way into the Mozilla trunk, I won't
object further as I don't use Chimera (or even the platform it runs on).
Comment 42•22 years ago
|
||
Re: Comment #41 From Dan Tobias 2002-10-27 12:17
> Maybe to you, but to me one of the strong points of Mozilla is that it is
> highly configurable, and isn't just "one-size-fits-all", or "Where do we want
> to force you to go today?" I don't mind the configuration section being large
> and complex as a result. That makes for a power-user's browser, not a
> dumbed-down thing aimed at the stupid and ignorant.
That's true; that's what options are there for. Unfortunately, options often add
unnecessary bloat. Also, Mozilla already *has* way too many options. And it's
difficult to sort them.
> Maybe Chimera has a different philosophy;
It does. As its release notes say, it's supposed to be a clean and simple native
OS X Gecko browser.
> as long as this bug's fix stays in
> that browser's code and doesn't find its way into the Mozilla trunk, I won't
> object further as I don't use Chimera (or even the platform it runs on).
Well, .dmg doesn't really matter to non-OSX systems anyway. Okay, maybe GNUStep etc.
Comment 43•22 years ago
|
||
It's an extremely hypothetical situation, but would this patch incorrectly match
to something like www.dmg.ws? I'm not aware of any actual websites with domain
names of the form dmg.xx, but I just wanted to bring it up as a possible
(although very unlikely) problem with this solution. It's certianly not
something I'm actually worried about.
P.S. - Thanks for the link to the Apache bug. I spent 3 votes on it :)
Comment 44•22 years ago
|
||
> but would this patch incorrectly match
No. That's what GetFileName is for, you know.
Comment 45•22 years ago
|
||
You would, however, get false positives if any site used a CGI script with a
.dmg extension that generated text/plain or text/html output. That's the sort
of problem you run into once you start doing MIME-second-guessing.
Comment 46•22 years ago
|
||
Dan:
your point is well taken, but I have to say I've run into far more sites serving
.dmgs with incorrect mimetypes than sites using .dmg CGI scripts that generate
text/plain or text/html output. Thanks to Micro$oft (and to a lesser degree
Netscape 4), we have to do dumb stuff like quirks mode and file extension sniffing.
If you haven't already, please vote for the Apache bug and email Microsoft about
this. The sooner we can get either of them to change their behavior, the sooner
we can scrap this patch. (My money's on Apache.)
Comment 47•22 years ago
|
||
Looks like we may have broken something: bug 177020.
Comment 48•22 years ago
|
||
+ if (extPosition > 0 &&
+ ((extPosition == nameLength - 4) || (extPosition == nameLength - 7)))
What is this mysterious '7' here? I assume it's for .dmg.gz, but what about
.dmg.sit or .dmg.tgz ?
Comment 49•22 years ago
|
||
re comment #36 - boris, I agree with you that sending nothing is ultimately the
correct behaviour for apache. That gives the UA total latitude to figure out
what to do. However, simply asking apache to change the default DefaultType to
application/octet-stream would achieve an almost as good result (IMHO) since:
(RFC 2046)
> The recommended action for an implementation that receives an
>"application/octet-stream" entity is to simply offer to put the
> data in a file, with any Content-Transfer-Encoding undone,
> or perhaps to use it as input to a user-specified process."
This is just as good, in almost all cases. The only case where I can see it
falling down is if the content actually should be displayed inline or
automatically using a plug-in, in which case following the MIME spec would be
broken because it would pop up a file save dialog. ... except that the MIME
spec here is only "recommended ... or perhaps" so I think you can do content
sniffing and whatever anyway.
In any case I appreciate your effort to patch apache but I think this simpler
change will accomplish the same thing. Also this change could be back-propagated
to users of older apaches by advising them to change the config file (it's a
small change).
Comment 50•22 years ago
|
||
> but what about .dmg.sit or .dmg.tgz ?
Apache comes with a reasonable default type for .sit. Using .dmg.tgz makes no
sense (and I think it resolves to a reasonable type as well, but I haven't
tested with a vanilla installation of Apache).
Assignee | ||
Comment 51•22 years ago
|
||
Sourceforge breaks the current 'fix' as it has links like this:
<http://prdownloads.sourceforge.net/fire/Fire.app.0.31.e.dmg?download>
Planned workaround here is to not mangle the content type when the URL contains ?foo
Comment 52•22 years ago
|
||
I'm not sure how hard it would be to port the fix for bug 177026 over to
Chimera, but that may be worth looking at... That would allow you to restrict
this code to resetting the content-type to an empty string (or even
application/x-unknown-content-type) and allowing the content-sniffer to perform
type detection on it...
In fact, you may want to try that anyway, even if you don't port that fix over.
If .dmg.something always contains nulls, that would make it be detected as
application/octet-stream anyway.... and if you limit the clearing to the cases
where you do it now it shouldn't affect most content...
Assignee | ||
Comment 53•22 years ago
|
||
now check to see if URL contains a query before we try and look for a .dmg
extension on the file name. Also slightly reorg of the code to not check for
the length of the file name if no .dmg is found
Attachment #104281 -
Attachment is obsolete: true
Comment 54•22 years ago
|
||
Didn't I tell ya there'd be problems with CGI output from URLs with .dmg? :-)
This newest patch is only a Band-Aid [tm]... next somebody'll find another site
that uses .dmg CGI scripts without any parameters (maybe as the destination of a
form post), and they'll still break.
I tell ya, this MIME-second-guessing stuff is a tar baby... you'll keep getting
stuck deeper and deeper in it the more you try to extricate yourself.
Assignee | ||
Comment 55•22 years ago
|
||
Checked in version that handles a query in a .dmg URL
Experimented with bz's suggestion for application/x-unknown-content-type but
since Chimera is based off of a 1.0 branch it doesn't have his spiffy new code
and doesn't work. Unless an infinite recursion somehow fits the definition of
work :-)
Dan, you can say "I told ya so" all you want :-) That doesn't change the fact
the default Apache configuration makes this a major issue for Mac users. I care
a helluva lot more about their experience with Chimera than following the letter
of the spec which doesn't address what to do when the content type is so
blatently wrong and only set because of a bad default in the first place.
Comment 56•22 years ago
|
||
You can override Apache defaults with .htaccess files, you know. While it's
true that some hosting providers may disable this feature, there are a lot of
webmasters who are actually capable of setting such configurations correctly in
their own sites but just don't know it.
Comment 57•22 years ago
|
||
> there are a lot of webmasters who are actually capable of setting such
configurations correctly in their own sites but just don't know it.
Yeah, but that doesn't do Joe Surfer any good at all. Sure a few people might
get a nice feeling of superiority knowing that the webmaster at some site isn't
as on the ball as they could be. But most users are just going to say, "What
the heck is all this garbage on my screen? Where's my file?"
While it would be nice to live in a perfect world, I think that the chances are
pretty low that all the webmasters out there are going to wake up one day aware
that they are not making life convenient for a small portion of their users, and
do something about it. In the mean time, why not work around it, hack or not?
Comment 58•22 years ago
|
||
Well, it's even less likely the webmasters will ever do anything about fixing
their incorrect site configuration if browser makers pander to their
incorrectness by hacking around it... at least, when the incorrect configuration
causes the download to fail, there's something specific to point to when
evangelizing the webmasters to fix the problem. If it's been hacked around at
the browser level, all anybody would be able to say is "Your site is breaking
the standard... it still works in browsers, but it's incorrect anyway on an
abstract intellectual level," which wouldn't give them much incentive to ever
fix it, so the temporary hack would have to become a permanent "feature". On
the other hand, saying "Your site's incorrect configuration causes it not to
work in [fill in browser name here]" gives them more reason to fix it.
Meanwhile, those sites that incorrectly trigger the "hack" (e.g., CGI scripts
with .dmg extensions) are just out of luck, collateral damage in this "war"
between misconfigured sites and browsers that hack around them.
Comment 59•22 years ago
|
||
As has been pointed out, this really needs to be fixed at the apache level, not
the individual webmaster level. I don't think anyone is suggesting this as a
permanent hack; only until apache is fixed. This patch has been called a
"Band-Aid"... I agree. But I don't see that as a reason not to apply it; when
you have a cut, you don't say, "Well, it'll heal eventually on its own, so I'll
leave it alone and bleed everywhere for a while." You put a Band-Aid on it
until it heals.
How much incentive do webmasters have now to do anything about the problem?
Chimera doesn't have a that much of the market share, and if there's anything
the web has taught us, it's that if something works in IE, that's good enough
for most webmasters. Saying that we won't play the game of making up for
shortcomings in the web may make a statement in support of the standards, and
make us feel good, but it also makes Chimera a less usable browser until the
specs are revised/followed.
It would be great if non-IE browsers had enough clout to influence webmasters,
but they don't yet. And they never will if they don't give a good enough user
experience to get people to switch
Comment 60•22 years ago
|
||
Is there any reason this is being contemplated for Chimera alone and not
trunk? It gives me the hives to see differential standards support in
different Gecko-based browsers, and Evangelism has been dealing quite
successfully with bugs of this nature on the trunk.
Comment 61•22 years ago
|
||
Could we please take all the pointless philosophical discussion the hell out of
this _CHIMERA_ bug to the newsgroups? If people tell me which newsgroup they
have started the discussion in, I'll follow it. If nothing else, this gives the
rest of the Mozilla community a chance to follow the argument and participate.
Choess: this is not being contemplated for the trunk, if nothing else, because
it's a "must fix now" hack. IF we ever do this on the trunk (big if, since as
you mention evang has been doing a good job) it would be done totally
differently (for one thing, it would rely a lot more on content-sniffing than on
extensions). I'm not even happy that Chimera's doing it, but I understand their
reasons, and I can't really stop them, can I? Again, newsgroups please.
Assignee | ||
Comment 62•22 years ago
|
||
Marking this _Chimera_ bug as fixed hoping it'll end further commentary here.
As Boris sez the mozilla newsgroups are where this discussion should be continued.
Status: NEW → RESOLVED
Closed: 22 years ago
Resolution: --- → FIXED
Comment 63•22 years ago
|
||
I filed http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14095 on apache to
change the DefaultType to either application/octet-stream or
application/x-unknown-content-type . This second option is a new one to me, but
again, will not require a source code change to apache, just a default config
change, thus is more likely to be implemented sooner.
Comment 64•22 years ago
|
||
Why? There already is a bug filed with Apache, namely to not send any god damn
type at all if it doesn't know for sure what that document's type is. That way
the DESIGNER can bypass **** up servers and **** up web server admins with
that little type attribute defined in HTML, that attribute which currently is
next to meaningless.
Sending an octet-stream type instead of text/plain for an unrecognized XHTML
document solves exactly nothing.
Geez.
Comment 65•22 years ago
|
||
Nick, did you bother to read the spec before you flamed me? Based on your
confusion (what does XHTML have to do with this?) I'm guessing the answer is no.
text/plain is a bad default type. application/octet-stream is a less bad default
type (and if you read the spec you'll find out why, it saves binaries to disk
instead of spewing them as text on the screen). no type at all is ideal.
However, sending no type at all requires code changes to apache, while sending
application/octet-stream requires merely a default config file change.
Therefore, it's a good workaround until the code change is in place.
Assignee | ||
Comment 66•22 years ago
|
||
Re-opening - get a 404 on a .dmg.gz file and we try to save the 404 message to
disk rather than displaying it :-(
Before the "I told ya so" pundits chime in we know simply extension sniffing
isn't the ideal way to solve this problem. That's why we're going to start
sniffing for the .gz/.bzip2 magic number or nulls in the beginning of the
datastream if we get a hit on the extension.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Comment 67•22 years ago
|
||
hmm... does the 1.0 branch have the nsIHttpChannel changes to get the
"succeeded" boolean? If not, you're gonna have to get the response status and
do "status / 100 == 2" explicitly....
Assignee | ||
Comment 68•22 years ago
|
||
For folks following this soap opera...
It turns out that where we're checking the file extension we can't sniff the
channel's data stream because it doesn't actually contain any data yet. And we
can't move the sniffing down into the http channel code as that would mean we'd
already have gone through the .gz decompression. Any Joseph Heller fans here?
We can however determine if we got a 404 and not mangle the content type (which
is what bz's comment referred to) so that's what we're gonna do. Next!
Assignee | ||
Updated•22 years ago
|
Target Milestone: --- → Chimera0.7
Assignee | ||
Comment 69•22 years ago
|
||
nsHttpChannel trunk changes for GetRequestSucceeded() moved to Chimera branch
and checked in uriloader before mangling content type
Status: REOPENED → RESOLVED
Closed: 22 years ago → 22 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•