Closed Bug 291992 Opened 20 years ago Closed 20 years ago

Downloading of *.jnlp file does not automatically open it

Categories

(Camino Graveyard :: Downloading, defect)

Product:
Camino Graveyard
Component:
Downloading
Platform:
PowerPC
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: edsbugs, Assigned: mikepinkerton)

Details

User-Agent:       Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050419 Camino/0.8.3+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.7.7) Gecko/20050419 Camino/0.8.3+

When I hit on a link which is supposed to start a program using Java Web Start.
 the .jnlp is added to the download window and saved to the desktop but does not
open the application.

Hitting the link to open the appplication again cause a subsequent file to be
downloaded to the dekstop.

Firefox starts the application automatically.

Reproducible: Always



Expected Results:  
The application should have been started automatically and no file downloaded at
all.  Would not have even expected a file to show in the download window.
i think we only auto-open a fixed list. maybe that's not true.
Summary: Downloading of *.jnlp file does automatically open it → Downloading of *.jnlp file does not automatically open it
IMHO, from a security point of view, Camino is doing the right thing by not
opening downloaded files willy-nilly, especially those that are applications or
application-like.  I've yet to run across a file that Camino auto-opens upon
download, and IMO that's a very good thing.

Also, given that a simple click on the "Open" button in the Download Manager (or
a double-click on the file entry in the nightlies if your're running
toolbar-less), if the user really wants the file to open, he/she can still do so
in a single click without leaving Camino.

My recommendation is WONTFIX.
Would it not be better to have a list of ip addresses from which an 
application is automatically opened.  In the example given the file is served 
from one of our local intranet web servers, so in our case security is not an 
issue, but not automatically opening the application is an inconvenience to 
the users.

I can understand you comment if the file was coming from an external unknown 
source, but from a company point of view this is controlled by the firewall 
configuration.

Ed
Was "Open downloaded files" on in preferences?
(In reply to comment #4)
> Was "Open downloaded files" on in preferences?

Ah, this is WFM once I switch on that setting.  Camino does the smart and secure
thing and ships with the pref *off* (Apple has yet to learn that lesson!).

.sit and .zip are automatically opened; .dmg is not, .sh is not (good).

.command is auto-opened, but permissions have been stripped so it doesn't run,
only launches the terminal and complains (so-so).  

I still think things like .jnlp should not be autolaunched at all from a
security perspective (unless Camino were to add some sort of non-GUI
user-configrable extension and/or ip whitelist to override non-opening of unsafe
files).
user "error". invalid.
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.