This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

content-disposition as attachment for HTML file downloads rendered text

  • 1 cavab
  • 0 have this problem
  • 7 views
  • Last reply by garym3

more options

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all:

given a link to an HTML file where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone download a file and expect to the be interpreted?

But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist.

what happens now is I post the NextCloud public link, they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text.

I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users.

Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these:

content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache

I am at a loss as to why this started to happen only a few weeks ago after a years of working fine, and why it should happen at all: given [https://nas.teledyn.com/s/JtggMFbi5tPYBqT/download/Xmas%20Market.html a link to an HTML file] where the headers include content-disposition set to attachment and the server (NextCloud30) mistakenly setting content-type to text/plain, what downloads is not the HTML file, but a text rendering of that HTML file, which is, of course, completely useless to the purpose and makes no sense whatsoever that it should happen. Why would anyone ''download'' a file and expect to the be ''interpreted''? But more to the point, how do I stop this behaviour. The above link, on my home cloud so be gentle, will work just fine on Firefox/Linux, but on Firefox/Android it will download as a 7k rendering of the file, renamed with the txt extension. The link itself is just a few holiday classics in the iRealPro format, which is, sadly, and HTML file. Up until two weeks ago, I would post a link in our band group chat, band members would click the link, be asked if they should launch iReal, and then iReal would ask if they would like to import this playlist. what happens now is I post the [https://nas.teledyn.com/s/JtggMFbi5tPYBqT NextCloud public link], they click and get a landing page that correctly describes the file as 20k HTML and has that previous link as the Download button. Clicking that gets you 7k of useless text. I can't say for certain that this is a few 'feature' of a recent Firefox update or something that was changed in a minor update to Nextcloud. I believe it may also happen on Safari, but I haven't confirmed that, all I know is the link does not work on mobile for most users. Here are the headers that curl reports, although I don't think Nextcloud gives me any option to change these: content-security-policy: default-src 'self'; script-src 'self' 'nonce-mgMdbHYk4V+oWScEpk7i171o4ZyKPO7IxeSXK7sI63s='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; content-disposition: attachment; filename*=UTF-8''Xmas%20Market.html; filename="Xmas%20Market.html" content-transfer-encoding: binary expires: 0 cache-control: must-revalidate, post-check=0, pre-check=0 x-accel-buffering: no set-cookie: oc_sessionPassphrase=%2Fegdgxxr7IrZtmyhNVtKFUUTuaGRP97kftOGnPzaj0WDg0DTeoWnq%2BjRFrtKqQPB5lt%2B7pqIHRhLLNwXOQpErhhw8LGyV7zkmBq1lKRKVtcrqgZQTgB8iPK%2By24iPZnd; path=/; secure; HttpOnly; SameSite=Lax set-cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax set-cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict set-cookie: ochghoy8fko5=n0ktulqqs85monimi7nm0hkqb5; path=/; secure; HttpOnly; SameSite=Lax strict-transport-security: max-age=15768000; includeSubDomains referrer-policy: no-referrer x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-permitted-cross-domain-policies: none x-robots-tag: noindex, nofollow x-xss-protection: 1; mode=block content-length: 20456 content-type: text/plain;charset=UTF-8 date: Sun, 08 Dec 2024 18:25:07 GMT server: Apache
Attached screenshots

Chosen solution

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

Read this answer in context 👍 0

All Replies (1)

more options

Seçilmiş Həll

While I still don't see the value in what is downloaded being rendered, I have found the solution to my problem in the Nextcloud sources where I could force .html to be text/html and not text/plain, and the file now downloads as the original HTML.

Helpful?

Sual ver

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.