搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

content-disposition as attachment for HTML file downloads rendered text

  • 1 回覆
  • 0 有這個問題
  • 最近回覆由 garym3

more options

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all:

given a link to an HTML file where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone download a file and expect to the be interpreted?

But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist.

what happens now is I post the NextCloud public link, they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text.

I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users.

Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these:

content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all: given [https://nas.teledyn.com/s/JtggMFbi5tPYBqT/download/Xmas%20Market.html a link to an HTML file] where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone ''download'' a file and expect to the be ''interpreted''? But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist. what happens now is I post the [https://nas.teledyn.com/s/JtggMFbi5tPYBqT NextCloud public link], they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text. I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users. Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these: content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8''Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache
附加的畫面擷圖

被選擇的解決方法

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

從原來的回覆中察看解決方案 👍 0

所有回覆 (1)

more options

選擇的解決方法

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

有幫助嗎?

問個問題

如果您還沒有帳號,您必須先登入帳號 來回覆文章。還沒有帳號的話,只能發問新問題