Content-Disposition:inline is ignored in IE<=8 when filename contains "attachment" string #4028

Closed
rcubetrac opened this Issue Nov 29, 2012 · 11 comments

1 participant

@rcubetrac

Reported by myfreexp on 29 Nov 2012 18:56 UTC as Trac ticket #1488844

See summary.

Attached is the mailing list message with the announcement of the new mime-type validation of Nov 27th, 2012. This message has a .png attachment which can't be displayed in the browser (at least not in IE8), a number of warnings and dialogues is thrown instead.

The precise behaviour is described in the second mailing list message attached to this ticket. Interestingly, all images attached to this response message can be displayed in IE8 without a problem, although I can't figure out any difference in the declaration and encoding (image/png, base64 and attachment in both messages).

Keywords: mime-type validation
Migrated-From: http://trac.roundcube.net/ticket/1488844

@rcubetrac

Comment by @alecpl on 30 Nov 2012 10:15 UTC

Fixed in 8afbc8a

@rcubetrac

Status changed by @alecpl on 30 Nov 2012 10:15 UTC

new => closed

@rcubetrac

Comment by myfreexp on 2 Dec 2012 19:47 UTC

This commit didn't change anything in the behaviour (at least not here). Ticket re-opened.

@rcubetrac

Status changed by myfreexp on 2 Dec 2012 19:47 UTC

closed => reopened

@rcubetrac

Comment by @alecpl on 4 Dec 2012 20:05 UTC

Got it! Looks like we hit IE8 bug described here: http://notetodogself.blogspot.com/2010/06/ie8-content-dispositioninline-opens-as.html. No problem with newer versions.

@rcubetrac

Comment by myfreexp on 4 Dec 2012 21:22 UTC

Replying to alec:

Got it! Looks like we hit IE8 bug described here: http://notetodogself.xxxxspot.com/2010/06/ie8-content-dispositioninline-opens-as.html. No problem with newer versions.

Argh! How embarrassing for MS one more time, are they not even able to parse a simple header string correctly...? Kudos for finding this, this wasn't indeed an easy one.

But will/can there be a workaround in Roundcube at all...?

P.S.: URLs may get broken/line-feeded when receiving those kind of comments by e-mail, but that's of course not a Roundcube issue.

P.P.S.: Why do I need to x-out a part of the URL quoted above to get this comment sent, to avoid that it is being considered as spam just because of the string "blogxxxx"? And why could the original comment been sent which contained the full combination of the strings "blogxxxx" and "xxxxspot"??

@rcubetrac

Comment by @alecpl on 5 Dec 2012 08:50 UTC

Replying to myfreexp:

But will/can there be a workaround in Roundcube at all...?

Yes. Fixed in c7ff6ec.

P.P.S.: Why do I need to x-out a part of the URL quoted above to get this comment sent, to avoid that it is being considered as spam just because of the string "blogxxxx"? And why could the original comment been sent which contained the full combination of the strings "blogxxxx" and "xxxxspot"??

I don't know internals, but maybe I just got better privilages or it takes client IP into consideration.

@rcubetrac

Status changed by @alecpl on 5 Dec 2012 08:50 UTC

reopened => closed

@rcubetrac

Summary changed by @alecpl on 5 Dec 2012 08:50 UTC

Since "new attachment mime-type validation", some image attachments can not be displayed in the browser (IE8) anymore

Content-Disposition:inline is ignored in IE<=8 when filename contains "attachment" string

@rcubetrac rcubetrac closed this Dec 5, 2012
@rcubetrac

Comment by myfreexp on 5 Dec 2012 18:27 UTC

Replying to alec:

Replying to myfreexp:

But will/can there be a workaround in Roundcube at all...?

Yes. Fixed in c7ff6ec.

Just thanks, A.L.E.C! I'll report if this fix does work here. And thanks also for the change of the summary, as my original one was apparently misleading and had nothing to do with the real problem.

P.P.S.: Why do I need to x-out a part of the URL quoted above to get this comment sent, to avoid that it is being considered as spam just because of the string "blogxxxx"? And why could the original comment been sent which contained the full combination of the strings "blogxxxx" and "xxxxspot"??

I don't know internals, but maybe I just got better privilages or it takes client IP into consideration.

Not sure what should be wrong with my IP, but I'll better address Thomas with regards to this issue.

@rcubetrac

Comment by myfreexp on 6 Dec 2012 17:06 UTC

Works for me!

Thanks again...

@rcubetrac rcubetrac added this to the 0.9-beta milestone Mar 20, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment