Closed Bug 1892115 Opened 2 years ago Closed 2 years ago

Secure file download corrupt file on http connection

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
Firefox 125
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1892069

People

(Reporter: info, Unassigned)

References

(Regression)

Details

(Keywords: regression)

Steps to reproduce:

Hello, it's no longer possible to download files using an http connection with the new download protection using primefaces.
You can test it going on this site http://www.primefaces.org:8080/showcase/ui/file/download.xhtml and click on download button (ajax download works)

Actual results:

The files are downloaded, but they are corrupted

Expected results:

Files must not be corrupted.
In chrome it works

OS: Unspecified → All
Hardware: Unspecified → All

The Bugbug bot thinks this bug should belong to the 'Core::Networking' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged → Networking
Product: Firefox → Core

Thanks for the report.
When downloading the file in the reproductions steps, did you notice the downloads panel opened?
Informing you of a potential security risk, then providing the option to Allow download or Remove file

See Also: → 1877195

(In reply to Donal Meehan [:dmeehan] from comment #2)

Thanks for the report.
When downloading the file in the reproductions steps, did you notice the downloads panel opened?
Informing you of a potential security risk, then providing the option to Allow download or Remove file

Yes, but after clicking on Allow download, the file downloaded it's corrupted.
The download works fine if i set to false the configuration dom.block_download_insecure in http connection or if it's on ssl

Component: Networking → DOM: Security
Status: UNCONFIRMED → NEW
status-firefox125: --- → affected
status-firefox126: --- → affected
status-firefox127: --- → affected
status-firefox-esr115: --- → unaffected
Ever confirmed: true
Flags: needinfo?(ckerschb)
Keywords: regression
Regressed by: 1877195
See Also: 18771951892069
Duplicate of this bug: 1892210

I can reproduce the issue in Nightly, it downloaded a corrupt file. This issue is also mentioned here on Reddit.

In fact the downloaded file contains the HTML contents of the source page instead of the JPG image that was supposed to get downloaded. The file name is still that of the JPG image though.

We are tracking exactly that problem over within Bug 1892069.

Status: NEW → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1892069
Flags: needinfo?(ckerschb)
Resolution: --- → DUPLICATE
See Also: 1892069
You need to log in before you can comment on or make changes to this bug.