Explicitly set Content-Type field when getting file attachments (#4280)

1 files changed, 11 insertions, 15 deletions

diff --git a/api/file.go b/api/file.go
index 58b772003..a71bc71da 100644
--- a/api/file.go
+++ b/api/file.go
@@ -31,7 +31,6 @@ import (
 	"github.com/gorilla/mux"
 	"github.com/mattermost/platform/model"
 	"github.com/mattermost/platform/utils"
-	"github.com/mssola/user_agent"
 	"github.com/rwcarlsen/goexif/exif"
 	_ "golang.org/x/image/bmp"
 )
@@ -315,7 +314,7 @@ func getFile(c *Context, w http.ResponseWriter, r *http.Request) {
 	if data, err := ReadFile(info.Path); err != nil {
 		c.Err = err
 		c.Err.StatusCode = http.StatusNotFound
-	} else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+	} else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil {
 		c.Err = err
 		return
 	}
@@ -337,7 +336,7 @@ func getFileThumbnail(c *Context, w http.ResponseWriter, r *http.Request) {
 	if data, err := ReadFile(info.ThumbnailPath); err != nil {
 		c.Err = err
 		c.Err.StatusCode = http.StatusNotFound
-	} else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+	} else if err := writeFileResponse(info.Name, "", data, w, r); err != nil {
 		c.Err = err
 		return
 	}
@@ -359,7 +358,7 @@ func getFilePreview(c *Context, w http.ResponseWriter, r *http.Request) {
 	if data, err := ReadFile(info.PreviewPath); err != nil {
 		c.Err = err
 		c.Err.StatusCode = http.StatusNotFound
-	} else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+	} else if err := writeFileResponse(info.Name, "", data, w, r); err != nil {
 		c.Err = err
 		return
 	}
@@ -409,7 +408,7 @@ func getPublicFile(c *Context, w http.ResponseWriter, r *http.Request) {
 	if data, err := ReadFile(info.Path); err != nil {
 		c.Err = err
 		c.Err.StatusCode = http.StatusNotFound
-	} else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+	} else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil {
 		c.Err = err
 		return
 	}
@@ -507,27 +506,24 @@ func getPublicFileOld(c *Context, w http.ResponseWriter, r *http.Request) {
 	if data, err := ReadFile(info.Path); err != nil {
 		c.Err = err
 		c.Err.StatusCode = http.StatusNotFound
-	} else if err := writeFileResponse(info.Name, data, w, r); err != nil {
+	} else if err := writeFileResponse(info.Name, info.MimeType, data, w, r); err != nil {
 		c.Err = err
 		return
 	}
 }
 
-func writeFileResponse(filename string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError {
+func writeFileResponse(filename string, contentType string, bytes []byte, w http.ResponseWriter, r *http.Request) *model.AppError {
 	w.Header().Set("Cache-Control", "max-age=2592000, public")
 	w.Header().Set("Content-Length", strconv.Itoa(len(bytes)))
-	w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
 
-	// attach extra headers to trigger a download on IE, Edge, and Safari
-	ua := user_agent.New(r.UserAgent())
-	bname, _ := ua.Browser()
+	if contentType != "" {
+		w.Header().Set("Content-Type", contentType)
+	} else {
+		w.Header().Del("Content-Type") // Content-Type will be set automatically by the http writer
+	}
 
 	w.Header().Set("Content-Disposition", "attachment;filename=\""+filename+"\"")
 
-	if bname == "Edge" || bname == "Internet Explorer" || bname == "Safari" {
-		w.Header().Set("Content-Type", "application/octet-stream")
-	}
-
 	// prevent file links from being embedded in iframes
 	w.Header().Set("X-Frame-Options", "DENY")
 	w.Header().Set("Content-Security-Policy", "Frame-ancestors 'none'")