Closed Bug 1896155 Opened 7 months ago Closed 3 months ago

Reddit defeats "open image in new tab"

Categories

(Core :: Networking: HTTP, enhancement, P3)

Firefox 124
enhancement

Tracking

()

RESOLVED WORKSFORME

People

(Reporter: yumpusamongus, Unassigned)

References

Details

(Whiteboard: [necko-triaged])

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:124.0) Gecko/20100101 Firefox/124.0

Steps to reproduce:

  1. Visit https://www.reddit.com/r/MapPorn/comments/1codiq7/west_virginias_missing_panhandle/#lightbox

  2. Right-click and "open image in new tab".

Actual results:

Browser is redirected to https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd.it%2Fwest-virginias-missing-panhandle-v0-l4ywewdjzhzc1.png%3Fwidth%3D1080%26crop%3Dsmart%26auto%3Dwebp%26s%3Dd2bf64a7cbdbba0b0743001db259063f05da30b8

and further attempts to "open image in new tab" result in redirect loop.

Expected results:

Firefox should open a tab containing the image data from https://preview.redd.it/west-virginias-missing-panhandle-v0-l4ywewdjzhzc1.png?width=1080&crop=smart&auto=webp&s=d2bf64a7cbdbba0b0743001db259063f05da30b8 and absolutely NOTHING else.

See people explaining the problems this causes here: https://www.reddit.com/r/firefox/comments/1co9cvf/are_there_any_extensions_that_will_let_me_open/l3clcuq/

Maliciously-coded web pages should not be able to override core browser features. This shouldn't even be possible, because "open image in new tab" should not cause any requests to be made to the server at all. Firefox already has the data.

FWIW,
In this case, the workaround is to add image/png to the Accept header.
i.e set "image.http.accept" to image/avif,image/webp,image/png,*/*.

Component: Untriaged → Networking: HTTP
Product: Firefox → Core
Severity: -- → S3
Priority: -- → P3
Whiteboard: [necko-triaged][necko-priority-new]

I think landing bug 1711622 will fix this by changing the default image accept header.

Depends on: 1711622
Whiteboard: [necko-triaged][necko-priority-new] → [necko-triaged]
Status: UNCONFIRMED → RESOLVED
Closed: 3 months ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.