uMatrix blocks "Save Link As..." in context menu

[Loirooriol]

Description

uMatrix blocks cross-domain downloads originated from "Save Link As..." in context menu (unless "other" resources from the other domain have been allowed).

A specific URL where the issue occurs

http://example.com/

Steps to Reproduce

1. Load http://example.com/
2. Right-click the "More information..." link
3. Choose "Save Link As..."

Result: error dialog saying

The download cannot be saved because an unknown error occurred.
Please try again.

Expected: save dialog.

Sure, I can allow the download by whitelisting www.iana.org in uMatrix's "other" column. But I think uMatrix should not be blocking manually-triggered downloads.

Supporting evidence

Your environment

• uMatrix version: 1.3.8. This started in 1.3.7b4, 1.3.6 was fine. gorhill/uMatrix@1.3.6...1.3.7b4
• Browser Name and version: Firefox 61 latest Nightly 2018-04-28 rev 8b2c1fc3d6c348f053fe33a478fa3b1ddb5eb8a6
• Operating System and version: Windows 10 Pro x64 1709 (16299.371)

[uBlock-user]

https://github.com/gorhill/uMatrix#regarding-broken-sites

[gwarser]

https://github.com/gorhill/httpswitchboard/wiki/Why-can't-I-save-an-image-using-contextual-menu%3F
gorhill/uMatrix#248
gorhill/uMatrix#407
gorhill/uMatrix#218

[gorhill]

In 1.3.8, uMatrix tries its best to avoid behind-the-scene network requests by using extra information provided by the webRequest API in order to evaluate these behind-the-scene network requests according to the context from which they were made (because gorhill/uMatrix#684). In doing so, it also tries to find the tab which matches best that context. So when you try to "Save as File...", you will have a network request of type "other" reported in the matrix.

In any case, uMatrix can't know that a network request is the result of some special user interaction like the contextual menu.

[Loirooriol]

@uBlock-user I already know that uMatrix can break sites, and how to un-break them. But one thing is blocking requests done by the page, and the other is blocking requests manually triggered by the user, the later seems undesirable.

@gwarser Sorry for the dupe, since I didn't have this problem in uMatrix 1.3.6, I only looked at recent issues.

@gorhill OK, thanks for the explanation.

[Remu-rin]

uMatrix version: 1.3.8. This started in 1.3.7b4, 1.3.6 was fine.

1.3.6 was fine only with default setting to whitelist behind-the-scene actually, if you changed it you needed to recall about logger and test with it to see why save attempt fails (for some time I thought that some of my firefox settings broke it, not extensions. Only recently I dawn upon it was filtered by my umatrix). 1.3.8 got better on this, as gorhill explained above. Now they are reported in tab context and visible in popup, easy to unblock (unless file is served from semi-randomized domain on public-suffix, which may change, like github releases, but you still can edit rule manually to github.com s3.amazonaws.com other allow). In 1.3.6 and before they were behind-the-scene.

[uBlock-user]

the later seems undesirable.

It's been like this always, nothing's changed. Doesn't matter who triggered the network request, it's a network request where the URL wasn't whitelisted, that's why it was immediately blocked.

[bhrgunatha]

I've also (only recently) started getting this issue - left clicking the linked file does NOT cause an 'other' request and brings up the Save dialog as usual (unless e.g. you've configured Preferences | General | Applications for that mime type)

Example: http://www.gutenberg.org/ebooks/788

Left click on "EPUB (with images)" - get the usual Save dialog umatrix logs:

11:46:23 |   | -- | cookie | http://gutenberg.org/{persistent-cookie:session_id}  
-- | -- | -- | -- | --  
11:46:23 |   | -- | cookie | http://gutenberg.org/{persistent-cookie:session_id}  
11:46:22 |   |   | CSP | script-src 'unsafe-eval' blob: *  
11:46:22 |   | -- | COOKIE | session_id=...  
11:46:22 |   |   | doc | http://www.gutenberg.org/cache/epub/788/pg788-images.epub?session_id=...  
  |   | http://www.gutenberg.org/cache/epub/788/pg788-images.epub?session_id=...  
11:46:22 |   |   | CSP | script-src 'unsafe-eval' blob: *  
11:46:22 |   | -- | COOKIE | session_id=...  
11:46:22 |   |   | doc | http://www.gutenberg.org/ebooks/788.epub.images?session_id=...  

whereas

Right click on "EPUB (with images)" - Choose "Save Link As..." umatrix logs:

11:52:21 |   | -- | other | http://www.gutenberg.org/ebooks/788.epub.images?session_id=...
-- | -- | -- | -- | --
11:46:23 |   | -- | cookie | http://gutenberg.org/{persistent-cookie:session_id}
11:46:23 |   | -- | cookie | http://gutenberg.org/{persistent-cookie:session_id}
11:46:22 |   |   | CSP | script-src 'unsafe-eval' blob: *
11:46:22 |   | -- | COOKIE | session_id=...
11:46:22 |   |   | doc | http://www.gutenberg.org/cache/epub/788/pg788-images.epub?session_id=...

Why would uMatrix see the request as 'other' for the right click? Is it just the way the browsers is written?

[kn00tcn]

i finally decided to look into the saving error, ran into https://support.mozilla.org/en-US/questions/1022568 which gave me a workaround idea

i'm testing on humblebundle, when they have book or comic bundles, there are PDF previews that are hosted on a subdomain, so right click save wont work

as an alternative to allowing 'other' in umatrix, changing FF's default application prefs can allow saving (depending on the file type?)

so when i set PDF to 'save file' instead of 'preview', left (or middle) click can now be used to trigger the save in case allowing permissions should be avoided

(i suppose we should technically be saying 'primary' vs 'secondary' click to include left handed mice or esoteric input devices)