ATN sets content-disposition: attachment, which cause XPI files to be downloaded instead of installed

[jobisoft]

This was reported initially here: https://bugzilla.mozilla.org/show_bug.cgi?id=1952385

While it is a user decision to disable mozAddonManager, we do divert from Firefox behavior. The code line in question is: https://searchfox.org/mozilla-central/rev/126697140e711e04a9d95edae537541c3bde89cc/uriloader/base/nsURILoader.cpp#422

Usually mozAddonManager is used to install XPI files, but it can be disabled for various reasons. In Firefox, the XPI files downloaded from AMO continue to get installed, while Thunderbird opens a "save as" dialog to store XPI files downloaded from ATN.

The difference is that AMO does not set the content-disposition header for the response, while Thunderbird sets it to attachment. Removing this header should fix the issue.

[MelissaAutumn]

Thanks, I'm deferring this until we do the Python 3 migration as we may have already pulled in a patch for this.

[jobisoft]

There is an important exception to this request. We may only remove the content-disposition: attachment header if the request is coming from Thunderbird. I hope we can detect that via the user-agent.

If we remove it for all requests, Firefox will start installing add-ons downloaded from addons.thunderbird.net, which is a bad user experience and caused additional support load in the past. I wonder if the content-disposition header was actually added to "fix" that. There is Bug 295462 regarding this, which stopped getting comments about 6 years ago.

There is an easy way to simulate this effect. Install the header-modify-addon in Firefox and use the following config:

If you then browse to addons.thunderbird.net in Firefox, any add-on you click on will be installed.

I will now close Bug 295462 as WORKSFORME, but we need to make sure that resolving this issue is not bringing that back.