[Bug]: Non-standard behavior: Electron alter the response header Content-Disposition

[9percent]

Preflight Checklist

• I have read the Contributing Guidelines for this project.
• I agree to follow the Code of Conduct that this project adheres to.
• I have searched the issue tracker for a bug report that matches the one I want to file, without success.

Electron Version

17.4.10

What operating system are you using?

Windows

Operating System Version

Windows 11 with latest updates

What arch are you using?

x64

Last Known Working Electron version

15.3.0

Expected Behavior

If web server response a blob with file name specified in Content-Disposition with encoding, for example:
server response header include:
content-disposition: "attachment; filename*=UTF-8''filename.xlsx"
Electron should pass server response header Content-Disposition as it is in XMLHttpRequest so app JavaScript can handle it correctly, should not change it's value.

Actual Behavior

Due to the change in the PR: #31669
response header value content-disposition will be replaced if the value contains encoding info.
content-disposition: "attachment; filename*=UTF-8''filename.txt"
will be changed to:
content-disposition: "attachment; filename=\"filename.txt\""
If I inspect web request with dev tool, I can see the network panel shows the response header with original value, but in the JS XMLHttpRequest handler, I can only get the altered value instead, this should not happen as it is not expected when we need to handle the file name in the header with JS code.

Testcase Gist URL

No response

Additional Information

The commit:
24b02d6
The PR:
#31669
Some doc online:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition

[isailaandrei]

Hey, sharing repro steps to make this more actionable:

Electron Fiddle Code:
const {app, BrowserWindow} = require('electron')
function createWindow () {
app.on('session-created', session => {
session.webRequest.onHeadersReceived((details, callback) => {
console.log(details.responseHeaders);
callback({ responseHeaders: details.responseHeaders });
});
});
const mainWindow = new BrowserWindow({
width: 800,
height: 600
})
mainWindow.loadURL('http://localhost:1337/')
}
app.whenReady().then(createWindow);

Netcat command:
nc -l -p 1337 < http.txt

http.txt file:
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Disposition: attachment; filename*=UTF-8''filename.txt
Content-Length: 3

foo

Result:

Although RFC6266 says both formats (with or without encoding) are valid, the version with encoding is newer and should have priority because it contains more information. So I agree it's somewhat unexpected behaviour for Electron to transform the new filename version to the old one.

@codebytere tagging you since you're the last one to touch that code, although I can see someone else actually introduced this content-disposition processing code. Curious to get your opinion on this. Thank you!

[github-actions]

This issue has been automatically marked as stale. If this issue is still affecting you, please leave any comment (for example, "bump"), and we'll keep it open. If you have any new additional information—in particular, if this is still reproducible in the latest version of Electron or in the beta—please include it with your comment!

[github-actions]

This issue has been closed due to inactivity, and will not be monitored. If this is a bug and you can reproduce this issue on a supported version of Electron please open a new issue and include instructions for reproducing the issue.