Gutenberg: File block - Can't upload .zip file using Upload button but can using Media Library link

@bobbingwide Hey there! Thanks for reporting this. I tried to replicate on my end using Gutenberg 8.4.0, WordPress 5.4.2, and the TwentyTwenty theme. Here's a video where I used a zip of a previous Gutenberg version as a test with the file block:

https://cloudup.com/cL1oapNsrcS

Generally speaking, this is likely related to other security measures on your site and not Gutenberg. For example, here's a guide that walks you through how to resolve this: https://www.elegantthemes.com/blog/wordpress/how-to-fix-the-sorry-this-file-type-is-not-permitted-for-security-reasons-error-in-wordpress

If you believe this is Gutenberg specific though, please do re-open this issue! For now, I'm going to close this out.

I'm running the code locally in my Windows development environment.
When I view source the value of _wpUploadSettings is:

var _wpPluploadSettings = {"defaults":{"file_data_name":"async-upload","url":"/wp54/wp-admin/async-upload.php","filters":{"max_file_size":"26214400b","mime_types":[{"extensions":"jpg,jpeg,jpe,gif,png,bmp,tiff,tif,ico,asf,asx,wmv,wmx,wm,avi,divx,flv,mov,qt,mpeg,mpg,mpe,mp4,m4v,ogv,webm,mkv,3gp,3gpp,3g2,3gp2,txt,asc,c,cc,h,srt,csv,tsv,ics,rtx,css,htm,html,vtt,dfxp,mp3,m4a,m4b,aac,ra,ram,wav,ogg,oga,flac,mid,midi,wma,wax,mka,rtf,js,pdf,class,tar,zip,gz,gzip,rar,7z,psd,xcf,doc,pot,pps,ppt,wri,xla,xls,xlt,xlw,mdb,mpp,docx,docm,dotx,dotm,xlsx,xlsm,xlsb,xltx,xltm,xlam,pptx,pptm,ppsx,ppsm,potx,potm,ppam,sldx,sldm,onetoc,onetoc2,onetmp,onepkg,oxps,xps,odt,odp,ods,odg,odc,odb,odf,wp,wpd,key,numbers,pages"}]},"multipart_params":{"action":"upload-attachment","_wpnonce":"b46a1bd832"}},"browser":{"mobile":false,"supported":true},"limitExceeded":false};

as you can see zip is listed in the file types.

I don't see any request going to the server.
So the validation is being performed in Gutenberg, or when Gutenberg is not active, WordPress core's version of the block.

The video explains how to allow file types that can't be uploaded using other methods. In my case 'zip' is already supported. I use the upload from the Media Library.

@annezazu. Please re-open the issue until an explanation has been found. I don't believe I have the authority to re-open the issue.

In the editor, when I view source, the allowedMimeTypes supports zip as application/zip

( function() {
--
  | window._wpLoadBlockEditor = new Promise( function( resolve ) {
  | wp.domReady( function() {
  | resolve( wp.editPost.initializeEditor( 'editor', "post", 359, {"alignWide":true,"availableTemplates":{"":"Default template","templates\/template-cover.php":"Cover Template","templates\/template-full-width.php":"Full Width Template"},"allowedBlockTypes":true,"disableCustomColors":false,"disableCustomFontSizes":false,"disableCustomGradients":false,"disablePostFormats":true,"titlePlaceholder":"Add title","bodyPlaceholder":"Start writing or type \/ to choose a block","isRTL":false,"autosaveInterval":60,"maxUploadFileSize":26214400,"allowedMimeTypes":{"jpg\|jpeg\|jpe":"image\/jpeg","gif":"image\/gif","png":"image\/png","bmp":"image\/bmp","tiff\|tif":"image\/tiff","ico":"image\/x-icon",

...

,"csv":"text\/csv","tsv":"text\/tab-separated-values","ics":"text\/calendar","rtx":"text\/richtext","css":"text\/css","htm\|html":"text\/html",
...

,"js":"application\/javascript","pdf":"application\/pdf","class":"application\/java","tar":"application\/x-tar","zip":"application\/zip","gz\|gzip":"application\/x-gzip","rar":"application\/rar","7z":" 

etc..

The zip entry is the last one listed when I view wp.data.select('core/editor').getEditorSettings().allowedMimeTypes in the console.

I don't have a problem uploading a .gz file

I've made some progress attempting to debug the problem.
It would appear that the value of mediaFile.type is application/x-zip-compressed, but in my development machine mime_content_type returns application/zip.

A Google search indicates I'm not the first person to suffer this problem.

I tried hacking core ( wp-includes/functions.php ) to add

'xzip'                           => 'application/x-zip-compressed',` 

to the array in wp_get_mime_types().

And it worked.
I needed to change the key from zip to xzip to allow both application/zip and `application/x-zip-compressed'.
Both end up as .zip files in the server.

So my guess is it's Gutenberg revealing a previously unhandled limitation of WordPress core.

I've found a TRAC that reports the problem similarly.
Now I've debugged the problem, I've found a relevant WordPress TRAC: https://core.trac.wordpress.org/ticket/46775

See also https://core.trac.wordpress.org/ticket/40175

@bobbingwide thanks for following up here with more information :) I've reopened and will add the label for needs-testing so someone else can try to replicate the issue at hand. Can you confirm you've tested this with Gutenberg 8.4 as well?

Can you confirm you've tested this with Gutenberg 8.4 as well?

Tested with Gutenberg 8.4.0 as well.
The problem occurs with Windows machines. What were you using?

In my opinion the most sensible fix would be in WordPress core. See TRAC 40175.
It's also possible that Gutenberg could be changed to allow the upload to proceed for any mediaFile.type that it doesn't recognise and rely on the server being responsible for rejecting it.

@bobbingwide circling back on this -- I've changed this from needs testing to a Core Bug as I agree that this would be best fixed by the trac issue you referenced. Thanks so much for your thorough reporting and digging in ❤️. I learned something new just following along!

Gutenberg 8.7 on WP 5.4.2 | WP 5.4.2 with Gutenberg turned off
--- | ---
https://d.pr/i/M09uJE | https://d.pr/i/ZNiNdH
|I can reproduce with Gutenberg 8.7 on WP 5.4.2 and it happens for .png, .jpeg, .pdf, .csv and possibly all other type of files. | With Gutenberg plugin turned off I cannot reproduce on WP 5.4.2|

@zdenys pull request #24318 addressed the issues with uploading files, however, this specific issue where uploading was not permitted for security reasons, as stated in the error message, was not tested.

From my testing, it seems like #24318 fixed this indeed. (Specifically, I can repro the bug with 8.7, but not with 8.7.1, which includes only #24318, and another unrelated PR on top of 8.7.)

Doesn't look like it's solved. Both with and without the Gutenberg plugin (8.8.0) installed, I get the same error while on windows.
When I try to do this from Linux, all works fine.

circling back on this -- I've changed this from needs testing to a Core Bug as I agree that this would be best fixed by the trac issue you referenced.

Doesn't look like it's solved. Both with and without the Gutenberg plugin (8.8.0) installed, I get the same error while on windows.

In my opinion the most sensible fix would be in WordPress core. See TRAC 40175.
It's also possible that Gutenberg could be changed to allow the upload to proceed for any mediaFile.type that it doesn't recognise and rely on the server being responsible for rejecting it.

The problem hasn't been addressed in Gutenberg 8.9.1 nor has it been fixed in WordPress core.

This issue should be re-opened while the problem still occurs.

The error is still occurring with the latest WP version 5.5.1 (native Gutenberg).

Reopening. It sounds like this is a windows-specific issue?

yes, i can confirm it happens on Windows in any browser, but not on Linux. (Didn't test on mac)