Element-web: Files in encrypted rooms do not download in Firefox

Hmm, we do specify sandbox flags allow-downloads allow-downloads-without-user-activation for that iframe, will do a quick little bit of digging

Cannot reproduce with Firefox 80.0.1 (64-bit) on macOS on develop.element.io

Worked for both images and zip files.
This is a pretty bare FF, with just React Devtools installed, maybe try with your add-ons disabled.

Hmm, okay, it does seem to work in Firefox Release (80) but not in Nightly (82). I'll try to work out if it's already filed upstream with Mozilla.

It seems to be related to the sandbox flag allow-downloads which Firefox recently implemented and enabled in 82.

There appears to be some bug or difference in behaviour from Chrome's implementation of this. With Firefox 82, I only seem to get working downloads by disabling sandboxing or adding allow-same-origin to the sandbox flags (which effectively disables the sandboxing anyway), so I'll try to raise this on the Firefox side to see if it can be fixed.

After further investigation, it's actually not related to the sandbox flag allow-downloads, that was just a likely suspect that happened to be enabled around the same time.

Instead, the cause is recent work to isolate blob URLs by agent cluster (roughly meaning similar origins). It's currently unclear to me if this work purposefully breaks blob URLs in sandboxed iframes. I have filed an upstream bug for analysis.

At the moment, this privacy feature is Nightly only and is not proceeding to further release channels yet. For anyone using Firefox Nightly who would like to disable this privacy feature for the moment so that encrypted file downloads work again, you can set the pref privacy.partition.bloburl_per_agent_cluster to false.