https://bugzilla.wikimedia.org/show_bug.cgi?id=58448
Web browser: ---
Bug ID: 58448
Summary: Drop "Content-disposition: attachment;" from the response headers if the MIME type can be typically rendered by the browser
Product: Wikimedia
Version: wmf-deployment
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: Bugzilla
Assignee: wikibugs-l@lists.wikimedia.org
Reporter: rainerril...@hotmail.com
CC: aklap...@wikimedia.org, s...@reedyboy.net, thehelpfulonew...@gmail.com
Classification: Unclassified
Mobile Platform: ---

Original Bug title:
Drop "Content-disposition: attachment;" from the response headers if the MIME type can be typically rendered by the browser, including text, png and jpg files.

----
Reasoning:
This header forces the browser to open a download-dialog which is not really handy for quickly looking at a screenshot. Downloading is still possible for all who are fans of error-screenshots after removing that header.

----
Possible issue: Bugzilla is abused by spammers for placing their images here.
Possible solution: Only drop the header if user is logged-in.

Possible issue: Injection of malicious content.
Possible solution: Only allow "safe types" (i.e. not .js or only png and jpg images)

----
----
Current response headers for attachments:

HTTP/1.1 200 OK
Date: Fri, 13 Dec 2013 13:56:58 GMT
Server: Apache
X-xss-protection: 1; mode=block
Content-disposition: attachment; filename="commons_revision_missing_not_in_user_language.png"
X-content-type-options: nosniff
Content-length: 287653
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: image/png; name="commons_revision ..."
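
The two mitigations proposed in the report (serve inline only to logged-in users, and only for "safe types"), sketched as an added example that is not part of the original report or of Bugzilla's code. The function names, the PNG/JPEG-only allowlist, the signature check on the file's leading bytes and the `application/octet-stream` fallback are assumptions of this example.

```python
import re

# Assumption: the "safe types" allowlist from the report, limited to PNG and
# JPEG, mapped to the byte signature each file must start with.
INLINE_SAFE = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
}


def safe_filename(name: str) -> str:
    """Replace anything that could break out of the quoted header value."""
    return re.sub(r"[^A-Za-z0-9._-]", "_", name)[:100] or "attachment"


def attachment_headers(declared_type: str, filename: str, body: bytes,
                       logged_in: bool) -> dict:
    """Build response headers for a hypothetical attachment endpoint."""
    mime = declared_type.split(";", 1)[0].strip().lower()
    magic = INLINE_SAFE.get(mime)
    # Inline only when all three hold: allowlisted type, logged-in viewer,
    # and content that really starts with that type's signature.
    inline = bool(magic) and logged_in and body.startswith(magic)
    disposition = "inline" if inline else "attachment"
    return {
        # Choice of this example: anything not verified is sent as opaque
        # bytes instead of under its uploader-declared type.
        "Content-Type": mime if inline else "application/octet-stream",
        "Content-Disposition": f'{disposition}; filename="{safe_filename(filename)}"',
        "X-Content-Type-Options": "nosniff",  # kept from the current response
        "Content-Length": str(len(body)),
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real attachments.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
    html_as_png = b"<html><script>1</script></html>"
    cases = [("image/png", "shot.png", png, True),
             ("image/png", "shot.png", png, False),
             ("image/png", "fake.png", html_as_png, True),
             ("text/javascript", "x.js", b"alert(1)", True)]
    for declared, name, body, user in cases:
        h = attachment_headers(declared, name, body, user)
        print(declared, user, "->", h["Content-Disposition"], "|", h["Content-Type"])
```
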