Standardize extension to content type mapping?

[inexorabletash]

(This discussion could go here or HTML — which notes "Extensions tend to be ambiguous..." — but I'm guessing the right eyeballs will be here.)

When a File is minted via a drop operation or HTMLInputElement in Chrome, the content type is determined using platform-specific logic. e.g. on Windows the registry is used as is normal for the platform. There's also a small fallback list built into the browser. This causes behavior to differ for the same version of Chrome on the same OS depending on what applications are installed (e.g. .DOCX may be unknown if Office is not installed). Presumably this is also an interop issue across browsers on the same machine if different logic/lists are used is used.

Web applications should trust neither extensions nor content types. But should we attempt to standardize the behavior here in any way, e.g. an expected list of extension → type mappings, to avoid developer surprise?

I'm not strongly advocating for this, just wanted to kick off the discussion.

[annevk]

If all browsers have fallback, maybe? Also for <input type=file>?

[phistuck]

If you think about it, it actually sounds like some sort of a privacy issue. If the MIME type is not empty (for non-browser-supported file types), it means that the user has an application installed.
(Of course, that would not be the only thing that exposes this information - https://github.com/WICG/get-installed-related-apps/blob/master/EXPLAINER.md and https://msdn.microsoft.com/en-us/library/jj154912(v=vs.85).aspx in a way and probably more)

[annevk]

That's a good point to not trust the OS metadata, though that might also lead to regressions I suspect.