A form submission including file data is encoded as multipart/form-data and includes some file metadata as well as the actual file data. For determining a file’s MIME type, Firefox appears to first consult the Windows Registry for a file’s MIME type based on the extension. If the Registry doesn’t have one, then an internal list is consulted.
Microsoft Office hijacks the Windows Registry with a novel MIME type for CSV files.
In my specific case, I was uploading CSV files for tabular processing. Oddly enough, the MIME type in the request was not correct. Rather than text/csv, the MIME was application/vnd.ms-excel instead. What? Stranger yet, this behaviour didn’t happen on all computers that I tested with. Why?
Opening Regedit and following this path
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Classes.csv I found a string entry Content Type with a value of this strange MIME. Comparing the workstations that I used to test my upload, I determined that environments which have or have had MS Office installed have this Registry entry, while Windows’ pristine state does not.
This is an unfortunate issue that simply has to be coded around if upload validation is being done. Test the extension, or attempt to parse the file. I opted to test the extension and chalk CSV parsing exceptions as invalid format.