Contrib.social

Accessing private file with .jpg, .jpeg, .png extension returns WEBP image

Open on Drupal.org β†’
Created on 13 September 2022, almost 2 years ago
Updated 8 September 2023, 10 months ago

Problem/Motivation

We are experiencing an issue where we view a private image file within the browser and get a WEBP encoded image rather than the encoding that is specified via the extension within the browser's address bar (e.g., .png, .jpg, .jpeg). This creates mismatched extension to encoding when viewing the file path in the browser and then attempting the save the image, e.g., extension shows .jpeg but the encoding is WEBP.

Proposed resolution

The WEBP file contents should only be returned when .webp is the extension originally requested.

πŸ› Bug report
Status

Needs review

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States greenSkin

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • Comment 10 months ago β†’
    πŸ‡©πŸ‡ͺGermany spuky

    rerolled the patch for 8.x-1.0-rc1

  • Status changed to Needs review 10 months ago
  • Comment 10 months ago β†’
    πŸ‡³πŸ‡±Netherlands casey

    It would be even better to first check if a webp is being requested, before trying to validate if the requested uri is an image.

  • Comment 10 months ago β†’
    πŸ‡³πŸ‡±Netherlands casey

    Actually, why is it even allowed to request/generate a webp when a specific (not a image-style derivative) file is being requested?

    This patch simply removes the FileDownloadController replacement.

  • Comment 10 months ago β†’
    πŸ‡³πŸ‡±Netherlands casey
  • Comment 10 months ago β†’
    πŸ‡©πŸ‡ͺGermany spuky

    @casey I would be on your side... that that is not needed...

    But maybe there are people that whant to optimize unstyled images...

    https://www.drupal.org/project/webp/issues/3143491 β†’ is the issue that introduced that FileDownloadController so there seems to be a Usecase for that...

    I think there needs to be a discussion on which path to take... leave the controller in and Just fix the only reacting to Urs ending in webp or getting rid of the controller.

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024