1896155 - Reddit defeats "open image in new tab"

Status: RESOLVED WORKSFORME

(Core :: Networking: HTTP, enhancement, P3)

Description

[Russell Haley]

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0

Steps to reproduce:

1. Visit https://www.reddit.com/r/MapPorn/comments/1codiq7/west_virginias_missing_panhandle/#lightbox

2. Right-click and "open image in new tab".

Actual results:

Browser is redirected to https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd.it%2Fwest-virginias-missing-panhandle-v0-l4ywewdjzhzc1.png%3Fwidth%3D1080%26crop%3Dsmart%26auto%3Dwebp%26s%3Dd2bf64a7cbdbba0b0743001db259063f05da30b8

and further attempts to "open image in new tab" result in redirect loop.

Expected results:

Firefox should open a tab containing the image data from https://preview.redd.it/west-virginias-missing-panhandle-v0-l4ywewdjzhzc1.png?width=1080&crop=smart&auto=webp&s=d2bf64a7cbdbba0b0743001db259063f05da30b8 and absolutely NOTHING else.

See people explaining the problems this causes here: https://www.reddit.com/r/firefox/comments/1co9cvf/are_there_any_extensions_that_will_let_me_open/l3clcuq/

Maliciously-coded web pages should not be able to override core browser features. This shouldn't even be possible, because "open image in new tab" should not cause any requests to be made to the server at all. Firefox already has the data.

Comment 1

[Alice0775 White]

FWIW,
In this case, the workaround is to add image/png to the Accept header.
i.e set "image.http.accept" to image/avif,image/webp,image/png,*/*.

Comment 2

[Valentin Gosu [:valentin] (he/him)]

I think landing bug 1711622 will fix this by changing the default image accept header.