It's a PDF. Firefox just displays it in the browser with no download prompt.

SquibblesRedux · on May 21, 2021

I did some troubleshooting to see why the original link did not behave as expected.

The original link:

    https://github.com/freenode/web-7.0/raw/main/static/files/on-freenode.pdf

redirects to here:

    https://raw.githubusercontent.com/freenode/web-7.0/main/static/files/on-freenode.pdf

and this command:

    curl -v https://raw.githubusercontent.com/freenode/web-7.0/main/static/files/on-freenode.pdf 2>&1 | less

reveals:

    content-type: application/octet-stream

The application/octet-stream is for "Any kind of binary data," suggesting the correct browser behavior would be to download. To inform the browser that the document is a viewable PDF, a web server normally sends an application/pdf MIME type. [1] The "raw" in the original link is why GitHub thinks the file should be treated as a generic binary.

While this may all seem much ado about nothing and pedantic, I often see this kind of behavior exploited in the wild to deliver malicious payloads. In this case I would say Firefox behaves "safer" than Chrome, but not not necessarily more correctly.

[1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_...

Macha · on May 21, 2021

If you want something to be downloaded, you need to declare

Content-Disposition: attachment

<https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Co...>

Otherwise, the browser is perfectly ok to attempt to render it if it understands how to

adrianmonk · on May 21, 2021

I guess it varies by browser since on Chrome there's a download (and a "file:///" URL in the tab).