Hard-code some MIME types to work around broken Windows setups #3120
Comments
Summary: The standard library’s `mimetypes.guess_types` can give incorrect results on Windows, because arbitrary programs can influence its behavior by writing to the registry. This can be worked around by reinstating the correct MIME types with `mimetypes.add_type`, as in this patch. Fixes #3120. Test Plan: To check that this patch works at all on Windows, edited the registry to add a bad content type: ``` reg add HKCR\.js /v "Content Type" /d application/x-testing-123 ``` …then verified that before this change, `mimetypes.guess_type("foo.js")` gives the wrong value and TensorBoard does not render properly (strict MIME type checking error in Chrome, as expected), whereas after this change `mimetypes.guess_type("foo.js")` gives the correct value and TensorBoard returns the correct content type in its JavaScript responses. TensorBoard still does not render on Windows due to unrelated errors in the debugger plugin. To check that this set of patches is sufficient, `git grep guess_type` shows call sites only in `core_plugin` and `projector_plugin`. The former takes file names from `webfiles.zip`, which has only `html`, `js`, and `woff2` files (plus a `LICENSE`). The latter has a fixed set of inputs with extensions `html` and `js`. wchargin-branch: windows-explicit-mime
|
Did you ever report this issue upstream to the Python project? FWIW I encountered this issue in a completely unrelated context and I will probably mention this workaround (and other related discussions) as a reason for Python to fix this behaviour in the standard library. |
|
Unfortunately, as far as I can tell, this is by design. See, for This same bug is hitting other prominent projects, like Flask, |
|
Thanks for the reply. I'll try to make a case to review the behaviour of the mimetype modules. |
Context:
#2771 (comment)
TL;DR: We use
mimetypes.guess_typefrom the Python standard library toguess MIME types, but on Windows any application can corrupt the backing
registry, and it appears that some popular programs (maybe Visual
Studio) do just that. This breaks TensorBoard for users because we send
text/plainfor scripts, blocking execution.Proposed fix: Either (a) at TensorBoard
maintime, patch themimetypesregistry to hard-code fixes for.jsand any otherknown-bad extensions (should be possible with
mimetypes.add_type, nomonkey patching required), or (b) find all places that call
guess_typeand extract a common helper function that handles the known-bad cases
itself and delegates to
mimetypesfor the rest. Or something to thateffect.
The text was updated successfully, but these errors were encountered: