Advertisement:

Author Topic: bogus Content-Disposition header field sent to Firefox  (Read 40873 times)

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
bogus Content-Disposition header field sent to Firefox
« on: September 08, 2011, 05:42:02 AM »
We believe the site is sending a bogus Content-Disposition header field for download links (to Firefox). This will cause Firefox 8 to ignore them.

See details in Mozilla Bugzilla entry 685060.

Offline mashby

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 8,392
  • Gender: Male
  • badass beer hound
    • Choppix
Re: bogus Content-Disposition header field sent to Firefox
« Reply #1 on: September 08, 2011, 08:09:36 AM »
Mind providing a link to Mozilla Bugzilla entry 685060? Firefox 8?
Always be a little kinder than necessary.
- James M. Barrie

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #2 on: September 08, 2011, 08:21:41 AM »
I would have done that if the forum software would let me do it.

Let's try this:

bugzilla.mozilla.org/show_bug.cgi?id=685060

Offline Kindred

  • The Mean One
  • Support Specialist
  • SMF Legend
  • *
  • Posts: 60,422
  • Gender: Male
    • Kindred-999 on GitHub
Re: bogus Content-Disposition header field sent to Firefox
« Reply #3 on: September 08, 2011, 09:40:09 AM »
Firefox 8? ???

Firefox 7 was just released in Beta...   We don't even pretend to support alpha versions of browser softwares...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #4 on: September 08, 2011, 09:52:20 AM »
Firefox 8 goes beta in three weeks and will be released in nine weeks. At that point, the download links will fail to work (the name not being used).

This is caused by the software special-casing Firefox, and sending a broken header field value, which won't be accepted anymore.




Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #5 on: September 08, 2011, 10:01:12 AM »
What did FF change in this regard and when?  I'm worried that just removing the FF case will break some of the older versions of FF.

Can you also provide the UA that FF8 is using?

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #6 on: September 08, 2011, 10:04:23 AM »
It's all in the bug report I linked to.

Essentially, when using the "filename*" notation, the value of the parameter must not use double quotes. That notation will work with all browsers that support "filename*", which are all except Safari and Internet Explorer < version 9.

See greenbytes.de/tech/tc2231/#attwithfn2231quot

And no, you don't need to check for a specific Firefox version.

Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #7 on: September 08, 2011, 10:15:01 AM »
Ok I see the problem.  We are sending
Quote
Content-Disposition: attachment; filename*="UTF-8''Adk_Menu_Buttons.zip"
When we should be sending
Quote
Content-Disposition: attachment; filename*="UTF-8''Adk_Menu_Buttons.zip

Looking at the code I think I see how the error came in.

Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #8 on: September 08, 2011, 10:21:59 AM »

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #9 on: September 08, 2011, 10:50:45 AM »
Ok I see the problem.  We are sending
Quote
Content-Disposition: attachment; filename*="UTF-8''Adk_Menu_Buttons.zip"
When we should be sending
Quote
Content-Disposition: attachment; filename*="UTF-8''Adk_Menu_Buttons.zip

Looking at the code I think I see how the error came in.

Actually there shouldn't be a double quote after the filename*=.

You may want to validate what you have with redbot.org (which does validity checks on HTTP responses).

Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #10 on: September 08, 2011, 11:05:35 AM »
Thanks, missed that one.  Will fix the patch. (stupid quotes are so hard to see first thing in the morning).

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #11 on: September 08, 2011, 11:07:25 AM »
Thanks, missed that one.  Will fix the patch. (stupid quotes are so hard to see first thing in the morning).

:-) That's why the online validator is so useful.


Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #12 on: September 08, 2011, 11:15:14 AM »
Yeah, too bad my test boxes aren't public facing and I'd be lynched if I just made the changes here without testing/validating it first :D

Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #13 on: September 09, 2011, 10:35:25 AM »
The same for Opera browser
What's the problem for the opera browser?  It gives a correct format:
Quote
    HTTP/1.1 200 OK
    Server: nginx
    Date: Fri, 09 Sep 2011 14:33:36 GMT
    Content-Type: application/octetstream
    Connection: keep-alive
    Set-Cookie:
    Expires: Sat, 08 Sep 2012 14:33:36 GMT
    Cache-Control: max-age=31536000
    Pragma:
    Content-Encoding: none
    Last-Modified: Sun, 17 Jul 2011 01:07:14 GMT
    Accept-Ranges: bytes
    ETag: "f6f5ef22730e6607b63d7c1c399ea651"
    Content-Transfer-Encoding: binary
    Content-Disposition: attachment; filename="Adk_Menu_Buttons.zip"
    Content-Length: 14123
redbot results

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #14 on: September 09, 2011, 10:48:46 AM »
The only reason to send filename* instead of filename is because the filename might contain characters outside the ASCII range.

If it never does, don't bother with filename*.

If it does, just "filename" doesn't work interoperably. Your best bet is to use the filename* format (following RFCs 5987 and 6266), and to use that for all browsers except for legacy ones (IE < 9) and broken ones (Safari). For those, you can strip out non-ASCII characters and use the simpler format.

RFC 6266, Appendix D (greenbytes.de/tech/webdav/rfc6266.html#rfc.section.D) has the details. See also trac.tools.ietf.org/wg/httpbis/trac/wiki/ContentDispositionProducerAdvice
« Last Edit: September 09, 2011, 10:58:25 AM by reschke »

Offline Thantos

  • SMF Friend
  • SMF Super Hero
  • *
  • Posts: 16,163
  • Gender: Male
Re: bogus Content-Disposition header field sent to Firefox
« Reply #15 on: September 09, 2011, 10:58:58 AM »
Which version of Opera?

Offline reschke

  • Semi-Newbie
  • *
  • Posts: 24
Re: bogus Content-Disposition header field sent to Firefox
« Reply #16 on: September 09, 2011, 11:00:03 AM »
Again, avoid UA sniffing if you can.

Opera, Chrome, Firefox, IE (>=9) and Konqueror all accept the same notation.
« Last Edit: September 09, 2011, 11:05:52 AM by reschke »

Offline Mongoose

  • Semi-Newbie
  • *
  • Posts: 48
  • Gender: Male
    • Opera Fan
Re: bogus Content-Disposition header field sent to Firefox
« Reply #17 on: September 09, 2011, 11:02:07 AM »

Offline Mongoose

  • Semi-Newbie
  • *
  • Posts: 48
  • Gender: Male
    • Opera Fan
Re: bogus Content-Disposition header field sent to Firefox
« Reply #18 on: September 11, 2011, 04:25:44 AM »
Sorry guys for false alarm.
There was a "Mask as Firefox" option enabled by mistake in my browser.

Online SleePy

  • Let there be light!
  • Site Team Lead
  • SMF Master
  • *
  • Posts: 30,896
  • Gender: Male
  • Thats his happy face.
    • jdarwood007 on GitHub
    • @jdarwood on Twitter
    • SleePy Code - My personal site
Re: bogus Content-Disposition header field sent to Firefox
« Reply #19 on: September 13, 2011, 06:18:12 PM »
This should be fixed now here.
Jeremy D — Site Team / SMF Developer
Support the SMF Support team!
Profiles:GitHub
Join us on IRC Libera.chat/#smf