Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HiddenBrowser saves files to disk when response has Content-Disposition: attachment #3835

Closed
AbeJellinek opened this issue Mar 11, 2024 · 2 comments · Fixed by #4093
Closed

HiddenBrowser saves files to disk when response has Content-Disposition: attachment #3835

AbeJellinek opened this issue Mar 11, 2024 · 2 comments · Fixed by #4093

Comments

@AbeJellinek
Copy link
Member

AbeJellinek commented Mar 11, 2024
edited 

#!/usr/bin/env python3

from http.server import HTTPServer, BaseHTTPRequestHandler

class Handler(BaseHTTPRequestHandler):
	def do_GET(self):
		self.send_response(200)
		self.send_header('Content-Type', 'text/html')
		if self.path == '/' or self.path == '/index.html':
			self.end_headers()
			self.wfile.write(b'<iframe src="iframe.html">')
		elif self.path == '/iframe.html':
			self.send_header('Content-Disposition', 'attachment')
			self.end_headers()
			self.wfile.write(b'iframe content')

httpd = HTTPServer(('', 8000), Handler)
httpd.serve_forever()

In Zotero:

var { HiddenBrowser } = ChromeUtils.import("chrome://zotero/content/HiddenBrowser.jsm");
var browser = new HiddenBrowser({ docShell: { allowMetaRedirects: true } });
await browser.load('http://localhost:8000/', { requireSuccessfulStatus: true });

browser = new HiddenBrowser({ docShell: { allowMetaRedirects: true } });
await browser.load('http://localhost:8000/iframe.html', { requireSuccessfulStatus: true });

iframe.html is saved to ~/Downloads in both cases. I would think that passing docShell: { allowContentRetargeting: false } would prevent this, but it doesn't.
@AbeJellinek AbeJellinek changed the title Scaffold HiddenBrowser sometimes saves an empty HTML file to ~/Downloads HiddenBrowser saves files to disk when response has Content-Disposition: attachment Mar 11, 2024
@AbeJellinek
Copy link
Member Author

This is a difficult one! Best lead I have so far is BackgroundThumbnailsChild, which does things very differently from HeadlessShell: https://searchfox.org/mozilla-central/rev/f9157a03835653cd3ece8d2dc713a782b7e4374e/toolkit/actors/BackgroundThumbnailsChild.sys.mjs#44-85

For one, it creates a top-level browser pointing to a chrome document and then sets a bunch of flags and loads content pages from the actor child.

@AbeJellinek
Copy link
Member Author

May be related: https://forums.zotero.org/discussion/comment/462257/#Comment_462257

@AbeJellinek AbeJellinek mentioned this issue May 6, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

HiddenBrowser: Block all downloads AbeJellinek/zotero
1 participant
@AbeJellinek