Roine Gustafsson <[EMAIL PROTECTED]> wrote: > On May 3, 2005, at 10:21 PM, Torben wrote:
> > <URL:https://bugzilla.mozilla.org/show_bug.cgi?id=220807> > > I had never seen this in Camino, so I just did a quick check with my > 0425 nightly. Serving a "test.bin" as text/plain with the content > "hello world" displays it nicely. Filling test.bin with e.g. zip data > (still serving it text/plain) makes Camino download the file instead! > So obviously there is some sniffing going on. > > However: Changing the filename to test.gz will apparently cause Apache > to return "Content-Encoding: x-gzip" header. This will apparently fool > Camino, because now I get a screenful of junk. This sniffing apparently > doesn't work on gzipped transport files. > IMO, this is an Apache bug: Just because the file extension is .gz > doesn't mean Apache should send "Content-Encoding: x-gzip"! The content > doesn't even have to be in gzip format. The real Apache bug is that Apache sends unknown content as Content-Type: text/plain thereby forcing Camino (and all other standard-complient browsers) to display it. The safety catch circumvents this by checking if the content also is invalid as text (as most .zip, .dmg, etc are). However, this test is not run if the Content-Encoding is set. > So it looks like there is some protection for misconfigured servers, > but the protection breaks if the extension happens to be .gz. One problem is that to reduce bandwith you are allowed to gzip text (both plain and html) that _should_ be displayed. If your server has the default setup, you might convince the powers-that-be that this also should be run through the safety catch. Be prepared to run rigourously tests to show that this doesn't break any thing. -- "Honesty is a somewhat overrated virtue" Lucifer in conversation with the angel Remiel _______________________________________________ Camino mailing list [email protected] http://mozdev.org/mailman/listinfo/camino
