Closed Bug 1837865 Opened 2 years ago Closed 2 years ago

configure accept header

Categories

(Core :: Networking, defect)

Product:
Core
Component:
Networking
Version:
Firefox 101
Type:
defect

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: srpen6+4cq2, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:101.0) Gecko/20100101 Firefox/101.0

Steps to reproduce:

  1. visit https://reddit.com/r/MapPorn/comments/1462x3v
  2. click the "play" button to expand the gallery.
  3. click the first image to expand
  4. click the image again to open in new tab

Actual results:

from here, Reddit is abusing the Accept header in order to force an HTML response. For example, if you make this request as Firefox does:

GET /ttj535aoj75b1.png?width=6460&format=png&auto=webp&v=enabled&s=03c44c0d62ce8189920d19e4092a176e03e47493 HTTP/1.1
Host: preview.redd.it
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8

you get an HTML response:

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8

but if you make the same request with a different header:

GET /ttj535aoj75b1.png?width=6460&format=png&auto=webp&v=enabled&s=03c44c0d62ce8189920d19e4092a176e03e47493 HTTP/1.1
Host: preview.redd.it
Accept: image/avif,image/webp,*/*

you get expected result:

HTTP/1.1 200 OK
Content-Type: image/webp

as far as I know Firefox has no way to configure this, so users are as the mercy of Reddit to be served whatever Reddit wants.

note I am using "old" Reddit. if you are using new reddit:

  1. right click first image
  2. Open Image in New Tab

The Bugbug bot thinks this bug should belong to the 'Firefox Build System::General' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → General
Product: Firefox → Firefox Build System

(In reply to srpen6+4cq2 from comment #0)

as far as I know Firefox has no way to configure this,

Didn't network.http.accept work?

Component: General → Networking
Product: Firefox Build System → Core

(In reply to Masatoshi Kimura [:emk] from comment #3)

(In reply to srpen6+4cq2 from comment #0)

as far as I know Firefox has no way to configure this,

Didn't network.http.accept work?

I think setting this pref should accomplish what you want.
Alternatively, a webextension can also intercept and rewrite headers with more of targeted approach.

Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID

looks like setting:

network.http.accept

to:

*/*

does fix it. strangely this page recommends network.http.accept.default:

https://developer.mozilla.org/docs/Web/HTTP/Content_negotiation/List_of_default_Accept_values

The document has been outdated so long. network.http.accept.default was removed between Firefox 60 and 68. network.http.accept was added since Firefox 85[1].

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1658008

You need to log in before you can comment on or make changes to this bug.