Contrib.social

Inconsistent MIME types chosen for private file system

Open on Drupal.org →
Created on 3 February 2022, over 3 years ago
Updated 11 February 2023, over 2 years ago

Problem

The FileDownloadController serves files for Drupal's private file system. It issues a Symfony BinaryFileResponse when a file is allowed to be retrieved. During preparation of this response, it utilizes Symfony's MIME type guesser to set the Contenty-Type header. By default, Symfony adds a couple of guessers, but as part of prehandling the response in DrupalKernel, Drupal registers it's own ExtensionMimeTypeGuesser that, like the name suggests, guesses the MIME type based on the extension.

Prior to Symfony 4.3, the MIME guesser was included as part of the Http Foundation component. As part of Symfony 4.3, a new dedicated MIME component was added and the old pieces in Http Foundation were deprecated. So now the problem: at this point, the BinaryFileResponse was also moved to using the new MIME component for guessing, but Drupal is still registering it's extension-based guesser with the deprecated MIME guesser mechanism. As a result, Drupal's guesser is no longer being invoked when private files are downloaded and you can get some weird results from the default Symfony guessers that cause a CSS file to be classified as an assembly file (for instance).

Steps to reproduce

  1. Add a CSS file with a rule like .globl-item { display: none; } to the private file system.
  2. Download the file and notice the content type is text/x-asm instead of the expected text/css
🐛 Bug report
Status

Needs work

Version

9.5

Component
File system 

Last updated about 10 hours ago

Created by

🇺🇸United States kevin.dutra

Live updates comments and jobs are added and updated live.
  • Needs issue summary update

    Issue summaries save everyone time if they are kept up-to-date. See Update issue summary task instructions.

Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment over 2 years ago
    🇺🇸United States smustgrave

    This issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request as a guide.

    This could use an issue summary update using the default template. Mainly proposed solution and remaining tasks.

  • Comment over 2 years ago
    scambler

    I was getting this error: Refused to execute script from '...' because its MIME type ('text/plain') is not executable, and strict MIME type checking is enabled.

    This was on a .js file using the private file system. After applying patch #4, this is now getting the correct mime type and working as expected.

    Drupal version: 9.5.3

    Thanks @kevin.dutra

  • Status changed to Closed: duplicate about 1 month ago
  • Comment about 1 month ago
    🇮🇳India mohit_aghera Rajkot

    I came across this issue while doing bugsmash triage.

    It seems, this is already fixed as part of 📌 Register Drupal's mime guesser with the non legacy Symfomy singleton Needs work .
    Please re-open if you notice further issues.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024