Contrib.social

Inconsistent MIME types chosen for private file system

Open on Drupal.org β†’
Created on 3 February 2022, almost 3 years ago
Updated 17 February 2023, almost 2 years ago

Problem

The FileDownloadController serves files for Drupal's private file system. It issues a Symfony BinaryFileResponse when a file is allowed to be retrieved. During preparation of this response, it utilizes Symfony's MIME type guesser to set the Contenty-Type header. By default, Symfony adds a couple of guessers, but as part of prehandling the response in DrupalKernel, Drupal registers it's own ExtensionMimeTypeGuesser that, like the name suggests, guesses the MIME type based on the extension.

Prior to Symfony 4.3, the MIME guesser was included as part of the Http Foundation component. As part of Symfony 4.3, a new dedicated MIME component was added and the old pieces in Http Foundation were deprecated. So now the problem: at this point, the BinaryFileResponse was also moved to using the new MIME component for guessing, but Drupal is still registering it's extension-based guesser with the deprecated MIME guesser mechanism. As a result, Drupal's guesser is no longer being invoked when private files are downloaded and you can get some weird results from the default Symfony guessers that cause a CSS file to be classified as an assembly file (for instance).

Steps to reproduce

  1. Add a CSS file with a rule like .globl-item { display: none; } to the private file system.
  2. Download the file and notice the content type is text/x-asm instead of the expected text/css
πŸ› Bug report
Status

Needs work

Version

9.5

Component
File systemΒ  β†’

Last updated about 11 hours ago

Created by

πŸ‡ΊπŸ‡ΈUnited States kevin.dutra

Live updates comments and jobs are added and updated live.
  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment almost 2 years ago β†’
    πŸ‡ΊπŸ‡ΈUnited States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request β†’ as a guide.

    This could use an issue summary update using the default template. Mainly proposed solution and remaining tasks.

  • Comment almost 2 years ago β†’
    scambler

    I was getting this error: Refused to execute script from '...' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

    This was on a .js file using the private file system. After applying patch #4, this is now getting the correct mime type and working as expected.

    Drupal version: 9.5.3

    Thanks @kevin.dutra

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024