
Yes, this is exactly what Imgur and Reddit are doing. They're serving you an HTML page that requires JavaScript, riddled with ads, when you intended to link to an image file. This happens because when the user agent navigates to a URL, it prefers text/html over other formats, so it's possible to distinguish it from an <img> fetch. This is a feature, but I do take the stance that it is a misuse of the feature as it is done on Reddit and Imgur, just the same as how abusing the window.open API for popup ads was (and how, in that era, it was relatively promptly taken care of by user agents, back when the word "user" in user agent meant anything.)

I didn't at any point call serving formats I "don't prefer" (I do prefer AVIF) "abuse" of the Accept header. I just don't want images that were JPEGs to be transcoded to even lossier WebP/AVIF/HEIC files when I browse to them. Sure, if it's part of the page layout it's not a big deal, but when I'm viewing the original size image, it should be, ideally, the original image. I don't actually care if the image is WebP/AVIF/HEIC natively, that is not a problem.



I feel like at this point, browsers should at least not prefer text/html if "open image in new tab" or similar is used.


Or if the path ends in a known binary file extension.


This won't work if implemented browser-wide, as malicious websites will just adjust the URLs for their images to compensate. In general, URL file extension snooping only causes more problems than it solves.


Maybe. It seems sensible to me that if the UA is requesting a path that ends in .jpg (for instance), they're expecting a JPEG and the UA should accept image/jpeg. At least if this escalates the arms race, user-hostile websites won't commit this specific crime, instead they'll serve content that better matches the URL.


> This happens because when the user agent navigates to a URL, it prefers text/html over other formats, so it's possible to distinguish it from an <img> fetch. This is a feature

Is it though? What non user-hostile things does it enable?


I think you're thinking about this slightly backwards. What else would you expect the browser to do, given a URL and no other context? Would it not ... prefer text/html? It's a hypertext browser, it prefers hypertext.

For many, many years, content negotiation was not adversarial, and there was little reason to believe it ever would be. Until it was, of course.

So how do we fix it, telling every page view we'd prefer if it were a JPEG? Probably not. Of course, you could make "Open Image in New Tab" do some magic to ensure that it acts like an image fetch: that sounds like a good idea.

> What non user-hostile things does it enable?

Content negotiation in general is pretty good. In theory, it lets a web server pick the best possible format that is supported by your client. For example, it would be possible for the server to transparently serve you a JPEG XL-compressed JPEG if your browser supports it, or fall back to the original (identical but larger) JPEG image if it does not.

Is there a good reason to prefer text/html? I know this will be unpopular but I believe that "upgrading" GIF links to WebMs in <video> tags is not user hostile in and of itself. GIF89a is a pretty antiquated format and LZW compression of 8bpc frame deltas is not exactly state of the art anymore; the difference between a GIF and a WebM of the same thing is usually multiple megabytes of bandwidth, and that can be extremely annoying, especially on mobile clients. Of course if you make it hard to access the original file, this will reasonably irritate people, but I think broadly the idea behind it is reasonable.

Being able to distinguish a navigation fetch from an <img> fetch is actually good because it would let the server behave in a more user-friendly fashion on the navigation fetch, for example by serving only formats that would be most likely to be useful to the user. Unfortunately, we can't have nice things, so it seems like some day content negotiation will have to be partly gimped.
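
The Accept-based distinction discussed in this thread, as an added example that is not part of any commenter's post: a simplified RFC 9110 media-type negotiation in JavaScript. The two header strings are constructed samples modelled on what a browser sends for a navigation and for an <img> fetch, and all function names are hypothetical.

```javascript
// Added example, not code from the thread. Header strings are constructed samples.
const NAV_ACCEPT = "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8";
const IMG_ACCEPT = "image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8";

// Parse an Accept header into media ranges with their q-values (default q=1).
function parseAccept(header) {
  return header.split(",").map((part) => {
    const [range, ...params] = part.split(";").map((s) => s.trim());
    let q = 1;
    for (const p of params) {
      const [k, v] = p.split("=");
      if (k.trim().toLowerCase() === "q") q = parseFloat(v);
    }
    const [type, subtype] = range.toLowerCase().split("/");
    return { type, subtype, q: Number.isNaN(q) ? 0 : q };
  }).filter((r) => r.type && r.subtype);
}

// q-value the client assigns to one concrete type: the most specific matching range wins.
function qualityFor(ranges, mediaType) {
  const [type, subtype] = mediaType.toLowerCase().split("/");
  let best = { spec: -1, q: 0 };
  for (const r of ranges) {
    let spec = -1;
    if (r.type === type && r.subtype === subtype) spec = 2;
    else if (r.type === type && r.subtype === "*") spec = 1;
    else if (r.type === "*" && r.subtype === "*") spec = 0;
    if (spec > best.spec) best = { spec, q: r.q };
  }
  return best.q;
}

// Pick the offered type with the highest q; ties go to the earlier (server-preferred) entry.
function negotiate(header, offered) {
  const ranges = parseAccept(header || "*/*");
  let choice = null;
  let bestQ = 0;
  for (const t of offered) {
    const q = qualityFor(ranges, t);
    if (q > bestQ) { choice = t; bestQ = q; }
  }
  return choice; // null means nothing acceptable (HTTP 406)
}

// A server offering both a wrapper page and the file answers the two fetches differently.
console.log(negotiate(NAV_ACCEPT, ["text/html", "image/jpeg"]));
console.log(negotiate(IMG_ACCEPT, ["text/html", "image/jpeg"]));
// A server offering only image formats returns an image on navigation as well.
console.log(negotiate(NAV_ACCEPT, ["image/avif", "image/jpeg"]));
```

A wildcard range such as image/* also matches formats the client may not be able to decode, so a server should look for an explicit listing before choosing a newer format over the original.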


Oh, now I see! It was a sincere question; was not aware of this practice and yes, I would call that misuse as well.


I honestly did assume it was a sincere question, but I will admit I was rubbed a bit the wrong way about "serving formats you don't prefer" because I was trying to word my original comment carefully enough to avoid that implication.

Internet commenting has definitely taught me many times that it is actually really hard to convey what you're thinking accurately.



