Skip to content

Bug 42220: Allow for more file types to be forced-inline.

Pier Angelo Vendrame requested to merge pierov/tor-browser:bug_42220 into tor-browser-128.2.0esr-14.0-1

Merge Info

Related Issues

  • #42220
  • mullvad-browser#xxxxx
  • tor-browser-build#xxxxx

Backporting

Timeline

  • Immediate: patchset needed as soon as possible
  • Next Minor Stable Release: patchset that needs to be verified in nightly before backport
  • Eventually: patchset that needs to be verified in alpha before backport
  • No Backport (preferred): patchset for the next major stable

(Optional) Justification

  • Emergency security update: patchset fixes CVEs, 0-days, etc
  • Censorship event: patchset enables censorship circumvention
  • Critical bug-fix: patchset fixes a bug in core-functionality
  • Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
  • Sponsor required: patchset required for sponsor
  • Localization: typos and other localization changes that should be also in the release branch
  • Other: please explain

Merging

  • Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
  • Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
    • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

Issue Tracking

Review

Request Reviewer

  • Request review from an applications developer depending on modified system:
    • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
    • accessibility : henry
    • android : clairehurst, dan
    • build system : boklm
    • extensions : ma1
    • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
    • fonts : pierov
    • frontend (implementation) : henry
    • frontend (review) : donuts, richard
    • localization : henry, pierov
    • macOS : clairehurst, dan
    • nightly builds : boklm
    • rebases/release-prep : dan, ma1, pierov, richard
    • security : jwilde, ma1
    • signing : boklm, richard
    • updater : pierov
    • windows : jwilde, richard
    • misc/other : pierov, richard

/cc @jwilde @ma1

Change Description

This is a long story, please see #42220 (comment 3074876)

How Tested

Used this Python script (source, then adapted):

#!/usr/bin/env python3
from http import server

class MyHTTPRequestHandler(server.SimpleHTTPRequestHandler):
    def end_headers(self):
        self.send_my_headers()

        server.SimpleHTTPRequestHandler.end_headers(self)

    def send_my_headers(self):
        if self.path != "/":
            self.send_header("Content-disposition", "attachment")


if __name__ == "__main__":
    server.test(HandlerClass=MyHTTPRequestHandler)

and checked how several files (pdf, avif, webp, xml, others) are handled.

You will need a public IP and a port forwarding.

Or, you could cherry-pick the patch onto MB and test from there.

Or, you could find how to bypass the proxy for localhost.

Edited by Pier Angelo Vendrame

Merge request reports